Consequences:HTTPS Under Attack,Not Secure Anymore

Updated on: April 26, 2020

 

Most of us are aware of the padlock system by which we know if a connection to an online bank, shop, or webmail provider is secure. The Website address is also prefixed by https://, which provides another clue for better and secure browsing in entire Cloud

HTTPS (Hyper Text Transfer Protocol Secure) which give us trustworthiness  of safe and secure browsing will no more secure anymore,You says what the hell I am taking, but it’s absolutely true ! now we can’t trust any of the HTTPS connection. HTTPS connections are the most trusted ones as per all the Internet users, but due to some of the foolish/careless CA’s ( Certificate Authorities ), now the secure protocol is in danger. Recently some hackers group hacked in to the COMODO--the second largest CA in the world-- certificate authority and issued some fake certificates on the name of Google, Microsoft, Yahoo etc,Now onward we can't trust on HTTPS until the problem get resolved.

Actually this incidence happen  in March a  hacker group called Ich Sun accessed the computer systems for Comodo and used its systems to issue frudulent certificates for Google, Yahoo, Skype, and Hotmail, amongst others. These certificates could be used to make a fake site look legitimate(Phishing). The certificates were quickly revoked once the hack was discovered, and Microsoft issued an update to ensure that Windows users weren’t fool,and let's see how the CA's can give answer to this problem.

Fake Certificates issuer  may use some spoofing techniques  along with SSL certificates and  easily bluff the people to show a phishing site as a legitimate one. Now all the option we have left is while doing any transactions check everything is in proper way or not ?, or else you may lose your personal and financial info. which  may be disaster for you 🙁

DNSSEC Will be Next Security Release on Web

Google also started  to tolerate this certificate thefts issue using DNSSEC,which is not same as SSL ,it not prevent all attacks like DOS attack but it can check the DNS lookup to verify the legitimate of address and it work on TLD--Top level domains-,I think this DNSSEC will be next security update for entire web.

Note:I recommended you please install trusted Security softwares and use your presence of mind  while doing any transation over the cloud.

Post Tags: #CA'S #DNSSEC #HTTPS under attack #Spoofing #SSL Problem
Saurabh Mukhekar
Saurabh Mukhekar is a Professional Tech Blogger. World Traveler. He is also thinker, maker, life long learner, hybrid developer, edupreneur, mover & shaker. He's captain planet of BlogSaays and seemingly best described in rhyme. Follow Him On Facebook

Leave a Reply

Your email address will not be published. Required fields are marked *