Why SSL is not enough to secure your credit card details

Written by ArticSoft

SSL (secure sockets layer) isrepparttar security technology everyone uses to ensure that their web connections are secure. An SSL connection is symbolized by a padlock icon inrepparttar 132033 right-hand side ofrepparttar 132034 taskbar and a URL that starts with Ďhttpsí,repparttar 132035 Ďsí standing for a secure http connection. What trust, however, should users associate with SSL?


SSL uses a method known as public key authentication in order to providerepparttar 132036 confidential link betweenrepparttar 132037 server andrepparttar 132038 client computer. This can be a very strong and effective method. It allows you to establish a strong confidential link between a server and a client without either knowing aboutrepparttar 132039 other beforehand. And thatís whererepparttar 132040 problems really begin.

Public key authentication works where each end of a connection can independently check thatrepparttar 132041 other end is real. Itísrepparttar 132042 same idea as getting a cheque from someone you donít know and calling their bank to see if itís OK. Thatís why it doesnít really work. If it was going to work,repparttar 132043 server would have to be able to find out ifrepparttar 132044 client key really belonged to them or not Ė and it canít. In our bank example, itís like having a cheque withoutrepparttar 132045 bank name on it orrepparttar 132046 customer namerepparttar 132047 bank knows you by so that you canít even askrepparttar 132048 question. In fact if that happened you probably wouldnít acceptrepparttar 132049 cheque!

As a result,repparttar 132050 server canít tell if a hacker has diverted you via their own site and is playing a Ďman-in-the-middleí attack whererepparttar 132051 hacker gets to see allrepparttar 132052 data going both ways. Usuallyrepparttar 132053 server uses an identification that has been approved by one ofrepparttar 132054 companies whose information is stored inside your browser. Thatís why atrepparttar 132055 client end it all seems fine. There is justrepparttar 132056 minor problem that you canít actually tell ifrepparttar 132057 identity is still valid because thereís no way inrepparttar 132058 current system to do that. Not surprisingly, there is nothing happening that allowsrepparttar 132059 server to linkrepparttar 132060 information arriving at it withrepparttar 132061 actual user ofrepparttar 132062 client PC. It is always assumed thatrepparttar 132063 information comes from there but you canít prove it.

Does SSL protect you, or is it a condom that is open at both ends?

Written by ArticSoft

Forrepparttar last five or so years, SSL has been paraded asrepparttar 132030 technology that securesrepparttar 132031 Internet. All you have to do is look and seerepparttar 132032 padlock onrepparttar 132033 bottom ofrepparttar 132034 screen and you can be sure itís safe.

Is it true?

SSL is a technology for providing a secure connection between two places. It provides secure links, or pipes between wherever it starts and wherever it stops.

What it does not do is actually secure any ofrepparttar 132035 data that passes throughrepparttar 132036 pipe, or really know where either end ofrepparttar 132037 pipe actually is. What you can be sure of is that anything put into one end ofrepparttar 132038 pipe is going to come out whereverrepparttar 132039 other end is.

But surelyrepparttar 132040 data is fully protected? Yes, whilstrepparttar 132041 data is inrepparttar 132042 pipe it is protected. Now, assuming Ė and unfortunately thatís what we have to do Ė that you know for sure where each end ofrepparttar 132043 pipe is, and you are sure that each end is very secure, and you know for certain who is at each end, then youíre OK. If any of those is not true then you do have a problem.

My data is SSL protected betweenrepparttar 132044 server, and me so why should I worry? Well no one atrepparttar 132045 server end really knows whomrepparttar 132046 data is from because they donít know what your identity is. They assume that data arriving throughrepparttar 132047 pipe is right, and that your identity can be presumed fromrepparttar 132048 data, notrepparttar 132049 other way around. Unfortunately there are hacker attacks that divert your link through their own site, where they can pretend to each end that they arerepparttar 132050 other entity without either end beingrepparttar 132051 wiser. (This is called a man-in-the-middle attack using web site spoofing.)

Cont'd on page 2 ==>
ImproveHomeLife.com © 2005
Terms of Use