Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
HTTPS is the most secure address you can get on the web, and yet it is not fool-proof. The “S” added onto the HTTP stands for the certificate authority that has verified the identity of the site operator. That data passed to and from the site is then encrypted. This verification and encryption process is supposed to ensure that only the authorized parties, namely the website operator and the account holder, have access to this data. Sadly, even the security measures of HTTP secure sites are not perfect, and hackers spend enough time and resources daily trying to get past them.
Certificate Authorities Hacked
Hackers can break into the certificate authorities themselves and from there issue fake certificates to get themselves verified.
Having gained access to a site, they work on decrypting the data and taking the valuable information that passes through the site. Fraudulent certificates can be discovered and revoked, but the associated HTTP secure websites, now unsecure and hacker-monitored, can continue to be visited by users for months.
HTTP Secure Hack Victims
About 2 million sites like banks and retailers use HTTP Secure addresses. The recent discovery about the ineffectiveness of the certificates used is scary. A weakness was found by the Electronic Frontier Foundation in the algorithms that are used to create the lines of numbers in the encryption process. Analysis done by the Trustworthy Internet Movement revealed that only 22 percent of the 172,598 HTTPS sites in the study were truly secure.
One tool that hackers have successfully used in the past to break into SSL secured sites is called BEAST, short for Browser Exploit Against SSL/TLS. This attack compromised SSL and TLS browser connections that hundreds of millions of people use daily. Of course security providers are continually upgrading to fend off the latest attacks, but not all websites are getting the necessary security upgrades in time to ensure the safety of their users’ data.
Additional Security Needed
More recently, the hijacking of Twitter and Facebook accounts has caused some concern. Not only are these accounts pored over for personal data that can be used for financial theft, but identity theft has also become a great threat. Just last month it was reported that the personal data of some popular religious leaders with highly active presences on Facebook was used to set up phony pages to scam followers out of their money.
It seems there’s nothing left but for people to be very careful what they reveal about themselves on the Internet. It is impossible to never reveal anything especially with many common transactions being processed over the Internet. But it is not impossible to remain completely anonymous. What is left is for people to turn to a VPN service to give them that extra layer of protection that can keep them safe from these many online threats.
Clearly, when the best levels of Internet security are vulnerable to attack, users need an extra layer of protection to lower the chances of being victimized. Most hackers will go for the easy kill, so more armor always gives you an advantage. A popular method of securing additional protection for sensitive and valuable personal data is coursing all traffic through a virtual private network. Due to its effectiveness as a personal security measure, VPN technology has advanced to allow individual users to easily set up a VPN on their own devices. Personal VPN services like ExpressVPN have provided individuals with a simple and easy to use yet highly operational solution to combat prevalent cyber attacks.