Untrustworthy SSL Worries

Posted on Aug 19, 2010 | One Comment

It seems like security concerns take no holiday. Seriously, it’s getting to a point where being vigilant is a must regardless of what extra software is in play on your end. And yes, those in the know already knew this.

The EFF explains that there are more than 650 organizations that can issue certificates. We are talking about security certificates, folks. That is insane!

Clearly, stronger oversight is needed to ensure that security certificates are not being abused. I mean, come on, folks. How are we allowing over 600 different companies to handle something so important without any real oversight? And as luck would have it, this is a legitimate problem, since a lot of the certificates being handed out are, apparently, not real.

[Photo above by adulau / CC BY-ND 2.0]


  • Joseph A’Deo

    Bum SSL certs, or mis-implemented SSL certs, are one of the biggest security issues we currently face. As a VeriSign evangelist I’m constantly seeing questions from individuals who’ve been told that they can simply acquire a self-signed cert or something cheap that doesn’t really provide any protection — it really is worth it to go with a trusted name, or to at least buy a cert with trusted testimony behind it (from colleagues, etc). We’d of course like to see more folks using extended validation ssl given the growing savvy of hacker intelligence and the fact that the green url bar is impossible to crack, but even ordinary ssl needs a bit more muscle than its current use.