A lot of Internet users have been relying on HTTPS for security. Many depend solely on this instead of getting additional protection from tools like online security VPNs. Security experts have been saying for a long time that this is a big mistake. Now there’s proof: they have discovered that quite a number of HTTPS connections are being made with forged security certificates.
Forged HTTPS Certificates Found
This is the first time that real hard evidence of forged security certificates has been discovered. And these are forged certificates in actual live connections. The computer scientists who uncovered this say that there is a noteworthy amount of these fake certificates active on the Internet. This means that websites using these for connection encryption are in fact using certificates that are not authorized by their owners.
Millions of websites use secure digital certificates to assure users that it is safe to be on these websites. Now we know that the HTTPS system has been corrupted to a considerable extent. The implications are scary even though scientists say that there are not very many fake certificates being used today. For one thing, these websites can no longer prove to their users that they are who they say they are. These certificates are guarantees of the website owner’s identity. Fake certificates mean spoofed web pages that lure Internet users to malware and other dangerous computer system infections. Another problem is data encryption. HTTPS is supposed to secure the data of website users. Fake certificates do not provide users with this protection. Instead, users are given a false sense of security that causes them to share their sensitive information.
Spoofed Facebook Connections
The computer scientists who did the research reported that 0.2 percent of Facebook connections were established using forged HTTPS certificates. And this is only for the servers that use Secure Sockets Layer and Transport Layer Security. These protocols are two of the most commonly applied methods for ensuring connection encryption. 0.2 percent may not seem like much, but this equates to almost 7,000 connections. That’s a lot of people whose Facebook account details were probably compromised.
The connections found to use fake certificates were traced to computers running certain antivirus programs. Bitdefender and Eset were named as two of these antivirus software providers. The researchers also found that some firewalls and other network security applications were presented with the forged certificates. The NSA was caught spoofing Facebook connections two months ago. It is unclear what, if any, portion of these server connections can be attributed to them. In addition, the scientists uncovered over a hundred instances of well-known malware. The malware produced IopFailZeroAccessCreate certificates that showed up in 45 countries across the globe.
Online Security VPNs Ensure Encryption
Billions of Internet users connect thousands of times to Facebook every month. And this is just one website. 0.2% of this is millions of potential hacking victims. If these users had been using tools like online security VPNs, they would have had a chance. Online security VPNs provide Internet users with an extra layer of encryption. Experienced hackers have been known to steal certificate keys to defeat HTTPS website encryption. They can take these keys from antivirus providers. Users who have these programs installed trust the software. This is how hackers gain access. When users go online via online security VPNs, however, the connections are secured from the source. This makes them untraceable. After the Heartbleed scare and now this evidence of HTTPS that isn’t secure, Internet users need to get the additional protection that online security VPNs can provide.