SSL

SSL/TLS Encryption Technology Being Abused

August 18, 2017 | By Comodo SSL

SSL/TLS encryption technology over the years has become synonymous with the security of websites and those who happen to interact with them. But of late, the same technology which has been known to make the internet a secure place is making the headlines for a very wrong reason. This is because hackers have a found a way to get these SSL/TLS certificates easily. And they are using them to the fullest to deceive the online world and thus making easy money online.

Who is to be blamed?

Those who offer this SSL/TLS encryption technology for free. While the goal of these Certificate Authorities is indeed a noble one – free SSL/TLS encryption for the online world – the fact that they’ve made life difficult for online users cannot be denied. Because since the advent of these free SSL/TLS certificates, phishing websites have been on the rise, affecting many online users.

SSLTLS Encryption Technology

How Free SSL Certificates Are Abusing SSL/TLS Technology?

What these Certificate Authorities offering free SSL/TLS technology do is that they offer only the bare-bones solution. That is they provide only the bare minimum SSL protection which is not always sufficient enough to offer wholesome internet security. To be more precise, these certificate authorities offer only domain validation (DV) certificates.

And these DV certificates are usually issued without carrying out “proper checks”. Thus, even hackers can gain these DV SSL Certificates for free, as the vetting is minimal, pose as genuine websites and deceive internet users into handing over them precious information.

Who is being Targeted?

Gullible internet users. Those who are not aware how to check the type of SSL Certificate a website contains and therefore end up thinking they are communicating with trustworthy sites without realizing free SSL certificates are mostly just domain validation certificates which do not guarantee the identity of the organization which owns the site.

Unfortunately, SSL/TLS Technology is Taking the Blame.

Over the years, internet users have been trained to look out for signs like “https in the address bar”, which has come to be universally accepted as a sign of utmost security for websites. Now that hackers have found a way to use these digital certificates legitimately and thus are deceiving a substantial number of internet users, SSL/TLS technology has come under scrutiny.

Need of the Hour: Creating Proper Awareness

Just letting online users to “look for https” in the address bar is not going to be sufficient. They should be explained the bigger picture clearly. That there are different types of SSL certificates, each offering different levels of protection. This message should be conveyed using the simplest terms possible in such a way that even the layman user should be able to understand it easily. This way, they’ll become better judges of the type of protection websites proclaiming to be SSL Certified really offer. This way, they’ll realize SSL/TLS encryption technology comes with certain conditions and that all of these conditions have to be met for the websites to offer solid security against phishing and various other such attacks.

Compare Types of SSL Certificate

Posted in SSL,Technology

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory