
 

Evaluating the dangers behind those Ominous Browser Warnings

Feb 6 2014, 8:33am CST | by


From time to time when searching the Internet, your browser will stop you with an ominous warning: “This connection is untrusted.”

I encountered this issue most recently when going to getcocoon.com, a privacy company I recently wrote about that boosts Internet protection by, in effect, letting you browse the Internet through their servers. The warning message on Firefox said it had let its security certificate expire two days before.

I have also sometimes noticed the warnings at krebsonsecurity.com, a site operated by investigative journalist Brian Krebs, who has done excellent work in analyzing the recent credit card breaches at Target and elsewhere.

So what gives? Are these warnings accurately telling us that such sites are somehow infected or dangerous to visit? Most of the time, no, and it turns out the issue is fairly complex.

To boost security, companies buy SSL (Secure Sockets Layer) certificates, which provide an encrypted and authenticated connection between your browser and the website, barring others from monitoring the traffic. The opening “http” of an Internet address becomes “https,” indicating a secure connection.

“Encryption makes it difficult for eavesdroppers to listen; authentication guarantees that the website you are visiting is actually hosted by the domain displayed in the browser’s address bar, and not some man-in-the-middle bad guy who published a clone of bankofamerica.com,” with the fake site containing a zero rather than “o” in its address, says Eric Jung, founder of FoxyProxy, a proxy and VPN service.

Companies pay as little as $9 a year for SSL certificates at NameCheap, although other kinds of proxies cost much more and there are far greater related costs. For example, companies need to pay for additional computing power required for improved security and there are various levels of security certificates.

Usually the untrusted connection message (which on Internet Explorer reads: “there is a problem with this website’s security certification”) comes from innocent error, according to Peter Eckersley, technology projects director for the Electronic Frontier Foundation. Two thirds of the time “it is a bureaucratic error that had no security dimension whatsoever: a certificate expired, was issued only for ‘www.example.com’ but you tried to go to ‘example.com’ without the ‘www.’, or the Certificate Authority that issued it was demanding more money from someone,” he said.

Another third or so of the warnings emanate from specifics of Wi-Fi in places such as hotels and cafes that require users first to accept their terms of use, says Eckersley, whose past work includes the often-praised HTTPS Everywhere browser plugin.

Only in rare cases does the browser warning indicate true danger. “One percent of the time, you see a certificate error because you are under attack for real,” he said.  “Somebody is actually trying to read your email, collect your search terms, or inject malware onto your computer.  Unfortunately, humans have been trained by the other 99 percent of cases to always click past the warning.”
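For a site operator triaging such a warning, the two bureaucratic causes Eckersley names (an expired certificate, and a certificate issued for “www.example.com” but requested as “example.com”) can be checked mechanically. The Python sketch below is an added example, not code from the article or from anyone quoted in it; the function names and the sample certificates are constructed for illustration, with the certificates shaped like the output of `ssl.SSLSocket.getpeercert()`.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern, host):
    """Compare a certificate DNS name to the requested host, label by label.
    A leading '*' stands for exactly one label, so '*.example.com' does not
    cover the bare 'example.com'."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def warning_causes(cert, host, now):
    """Return which of the two bureaucratic causes apply to this certificate.
    cert: dict shaped like ssl.SSLSocket.getpeercert(); now: epoch seconds."""
    causes = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        causes.append("expired")
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in dns_names):
        causes.append("name-mismatch")
    return causes

# Constructed sample data, not taken from any real site.
NOW = datetime(2014, 2, 6, tzinfo=timezone.utc).timestamp()
EXPIRED_CERT = {
    "notBefore": "Feb 04 00:00:00 2013 GMT",
    "notAfter": "Feb 04 00:00:00 2014 GMT",   # lapsed two days before NOW
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
WWW_ONLY_CERT = {
    "notBefore": "Jan 01 00:00:00 2014 GMT",
    "notAfter": "Jan 01 00:00:00 2015 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    for label, cert, host in [
        ("expired", EXPIRED_CERT, "example.com"),
        ("www-only, bare host", WWW_ONLY_CERT, "example.com"),
        ("www-only, www host", WWW_ONLY_CERT, "www.example.com"),
    ]:
        print(label, "->", warning_causes(cert, host, NOW) or "neither cause applies")
```

An empty result only rules out these two causes; a warning that persists then has another origin, such as an untrusted issuer, a Wi-Fi login page, or actual interception, and a name mismatch on its own does not prove the error is innocent.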

Eckersley says a better system should replace SSL certificates: “We don’t think it’s reasonable to expect most humans to spend hours learning the bureaucracy and mathematics of how the SSL certificate system works, so we think it’s probably best if that system is put out of its misery and replaced with something that just works.”

Until then, what should one do when the browser warns you to avoid the website?

Eric Jung of FoxyProxy says the safest thing to do is to close the browser tab. But in reality it is tempting to forgo every last precaution. What he typically does is check whether the website is financially important, such as a bank or investment firm, or something sensitive that uses his email, address book or calendar. If so, he closes the browser. If not, he proceeds, with some precautions. “I will rarely — if ever — type any real data into a form displayed by the site… username, password, name, hotel room number — all these things I will falsify,” he says.

“This does not guard against all attacks–for example, site-specific cookies could still be stolen by accepting this warning, which would permit Bad Guy to be my imposter–but I accept the risks knowingly and with caution.”

And as for getcocoon.com and krebsonsecurity.com, both turn out to be cases where it was indeed fine to visit the sites despite the incidents of past warnings. For Cocoon, an administrative snafu delayed the renewal of their certificate for a few days – the site is now back to normal, the CEO says. Brian Krebs says his visitors sometimes see the warning purely for technical reasons. “The issue with my site is that a handful of the images and ads on my site are not served over https for several different reasons, and so you will get an error that says there’s a security problem,” he said.

Source: Forbes

 
