Threat to Internet

When we are working in internet, we are aware of that there some possibility where someone can steal our data even without our knowledge. To improve the security and to make the data unreadable we find the encryption and decryption algorithms. To make the web more secure, we use the SSL/TLS Protocols.

This protocols secures our data from the attackers and based on certificates. Mostly the attacker targets the client rather than server by using fake server certificates. This certificates are generally controlled by the Certificate Authority(CA).

Early only few CA (like Verisign, Equifax, and Thawte) are have the control over the SSL Certificates. But today, it grows to many number and usage of SSL certificates are also increased rapidly.

By default, the web browsers support many CA. For example, Firefox supports nearly 60 CA’s and IE supports more than 100 CA’s.

We think, that the security lies in the private key and certificates that we have in our server. But its not the true, the real security lies in the CA level.

When CA’s started to support the attackers, everything should be compromised. But we don’t have the control over the CA and we are not able to find this type of compromises also..

For Example, Cybertrust (a division of Verizon) issued SSL CA certificate to Etisalat on the 19th of December, 2005. Etisalat (CA) issues Certificates to the users and the company has the potential ability to fake a secure connection to any site Etisalat subscribers might visit using a man-in-the-middle scheme.

Now Ethisalat is supported in many browsers by default and there are some possibility that the entire web security is compromised.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s