Consequences:HTTPS Under Attack,Not Secure Anymore
Most of us are aware of the padlock system by which we know if a connection to an online bank, shop, or webmail provider is secure. The Website address is also prefixed by https://, which provides another clue for better and secure browsing in entire Cloud
HTTPS (Hyper Text Transfer Protocol Secure) which give us trustworthiness of safe and secure browsing will no more secure anymore,You says what the hell I am taking, but it’s absolutely true ! now we can’t trust any of the HTTPS connection. HTTPS connections are the most trusted ones as per all the Internet users, but due to some of the foolish/careless CA’s ( Certificate Authorities ), now the secure protocol is in danger. Recently some hackers group hacked in to the COMODO–the second largest CA in the world— certificate authority and issued some fake certificates on the name of Google, Microsoft, Yahoo etc,Now onward we can’t trust on HTTPS until the problem get resolved.
Actually this incidence happen in March a hacker group called Ich Sun accessed the computer systems for Comodo and used its systems to issue frudulent certificates for Google, Yahoo, Skype, and Hotmail, amongst others. These certificates could be used to make a fake site look legitimate(Phishing). The certificates were quickly revoked once the hack was discovered, and Microsoft issued an update to ensure that Windows users weren’t fool,and let’s see how the CA’s can give answer to this problem.
Fake Certificates issuer may use some spoofing techniques along with SSL certificates and easily bluff the people to show a phishing site as a legitimate one. Now all the option we have left is while doing any transactions check everything is in proper way or not ?, or else you may lose your personal and financial info. which may be disaster for you 🙁
Google also started to tolerate this certificate thefts issue using DNSSEC,which is not same as SSL ,it not prevent all attacks like DOS attack but it can check the DNS lookup to verify the legitimate of address and it work on TLD–Top level domains-,I think this DNSSEC will be next security update for entire web.
Note:I recommended you please install trusted Security softwares and use your presence of mind while doing any transation over the cloud.
Saurabh Mukhekar is a Tech Blogger from Pune, India. He is also thinker, maker, life long learner, hybrid developer, edupreneur, mover & shaker. He’s captain planet of BlogSaays and seemingly best described in rhyme. Follow Him On Facebook