
Comodo explains how EV SSL Certificates protect confidential information

Comodo Group : 02 September, 2009  (Technical Article)
Answering the question "What are digital certificates?", Comodo explains how hackers have been able to circumvent them
In order to make the business of exchanging information on the Internet as clear as possible, even among different platforms and languages, software developers have designed a clear standard of communication. That standard is called the Hyper Text Transfer Protocol (HTTP).

The disadvantage of such a clear protocol is that anyone who intercepts an online transaction can easily read it unless it has been altered. The computers exchanging the information can agree upon a method to disguise it. The text can be changed using a process called encryption. When computers exchange encrypted text, the protocol is called HyperText Transfer Protocol Secure (HTTPS).

The two computers agree to transpose the message into an unintelligible 'hash' of characters. For example, instead of plain characters, encrypted text looks like this:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001

HTTPS uses a document called a 'digital certificate' to create the hash file. Only the owner of the private key associated with the digital certificate can read or understand the encrypted communication.

Most popular Internet browsers acknowledge SSL communications by displaying a small yellow padlock in their bottom right-hand corners.

Recently hackers have discovered that they could buy SSL certificates online, without their trustworthiness being checked. The only verification is a series of email challenges that determine whether the applicant has some access to the domain name listed in the purchased certificate. If a hacker passes the email test (even if he or she is not the legitimate owner of the domain), he or she receives a 'domain-validated' SSL certificate, enabling the browser to display the golden padlock.

Many Internet users believe that the padlock signals that their online communications are safe. Although the hacker is using encryption, these low-level certificates do not give any guarantee that a user is communicating with the right company. Their information may be securely transferred straight into the hands of a thief.

Checking a website's certificate is a good practice that helps netizens avoid spoof websites, sometimes called 'phishing' sites. To check the certificate, click on the padlock. The browser will display the name of the owner of the certificate. This name should match the name of the website operator.

Companies requiring digital certificates have a better alternative for online communications: Extended Validation (EV) SSL certificates. To receive an EV SSL certificate, an online business must have its business identity and its existence verified. A certificate authority must verify both that it is an existing business and that it has exclusive control over the domain.

When Internet users access a website using an EV SSL Certificate, they receive a special confirmation. All popular browsers turn their address bars bright green as an indicator that the business has passed the more complex validation process, adding a visual reassurance that this online transaction is with a confirmed entity.

Seeing a site with an EV SSL Certificate confirms two essential factors:

* That the user has a secure SSL (encrypted) link with this website
* That this website represents a real organization
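
The manual check described above (read the owner name in the certificate and compare it with the site operator) can also be scripted. The following is an added example, not code from Comodo or from the original article: the function names, the sample certificates and the organization name are constructed, and the DV/OV/EV decision is a heuristic based only on the subject fields that Python's `ssl.getpeercert()` exposes.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Return the validated peer certificate as the dict ssl.getpeercert() gives."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic on subject fields; getpeercert() does not expose policy OIDs."""
    subj = subject_fields(cert)
    if "organizationName" not in subj:
        return "DV"  # no owner named: only control of the domain was checked
    if "businessCategory" in subj and "serialNumber" in subj:
        return "EV"  # business registration details that EV certificates carry
    return "OV"      # owner named, but without the EV registration fields

def owner_matches(cert, expected_org):
    """True only if the certificate names an owner and it is the expected one."""
    org = subject_fields(cert).get("organizationName")
    return org is not None and org.casefold() == expected_org.casefold()

# Constructed sample certificates in getpeercert() format (not real sites).
DV_CERT = {"subject": ((("commonName", "shop.example.test"),),)}
EV_CERT = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),
    (("countryName", "GB"),),
    (("organizationName", "Example Trading Ltd"),),
    (("commonName", "www.example.test"),),
)}

if __name__ == "__main__":
    for cert in (DV_CERT, EV_CERT):
        print(validation_level(cert), owner_matches(cert, "Example Trading Ltd"))
```

To check a live site, pass the result of `fetch_cert("hostname")` to the same two functions; a domain-validated certificate fails `owner_matches` for every organization name because it names no owner at all.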