Innovation Toronto
Now Reading
Experts Warn of a Weak Link in the Security of Web Sites
Innovation Toronto
Dark Light
  • Follow
Subscribe
Innovation Toronto
Bringing transformative potential to agriculture with a natural technology for ‘dimming’ genes
This unassuming material is capable of capturing or releasing carbon dioxide from the atmosphere in response to moisture swings.
Pulling carbon dioxide out of the air using moisture
A more efficient way to capture fresh water from the air
Staving off coral reef collapse via a new technique
Producing energy from evaporating tap or seawater with new nanoscale devices
Setting the stage for regenerative therapy by turning skin cells into limb cells

Experts Warn of a Weak Link in the Security of Web Sites

August 14, 2010
Electronic Frontier Foundation
Image via Wikipedia

Computer security researchers are raising alarms about vulnerabilities in some of the Web’s most secure corners: the banking, e-commerce and other sites that use encryption to communicate with their users.

Those sites, which are typically identified by a closed lock displayed somewhere in the Web browser, rely on a third-party organization to issue a certificate that guarantees to a user’s Web browser that the sites are authentic. But as the number of such third-party “certificate authorities” has proliferated into hundreds spread across the world, it has become increasingly difficult to trust that those who issue the certificates are not misusing them to eavesdrop on the activities of Internet users, the security experts say.

“It is becoming one of the weaker links that we have to worry about,” said Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation, an online civil liberties group.

The power to appoint certificate authorities has been delegated by browser makers like Microsoft, Mozilla, Google and Apple to various companies, including Verizon. Those entities, in turn, have certified others, creating a proliferation of trusted “certificate authorities,” according to Internet security researchers.

According to the Electronic Frontier Foundation, more than 650 organizations can issue certificates that will be accepted by Microsoft’s Internet Explorer and Mozilla’s Firefox, the two most popular Web browsers. Some of these organizations are in countries like Russia and China, which are suspected of engaging in widespread surveillance of their citizens.

See Also
2011: The Year of the Personal Robot

Mr. Eckersley said Exhibit No. 1 of the weak links in the chain is Etisalat, a wireless carrier in the United Arab Emirates that he said was involved in the dispute between the BlackBerry maker, Research In Motion, and that country over encryption. The U.A.E. threatened to discontinue some BlackBerry services because of R.I.M.’s refusal to offer a surveillance back door to its customers’ encrypted communications. Mr. Eckersley also said that Etisalat was found to have installed spyware on the handsets of some 100,000 BlackBerry subscribers last year. Research In Motion later issued patches to remove the malicious code.

Read more . . .

Enhanced by Zemanta
Tags
What's Your Reaction?
Don't Like it!
0
I Like it!
0
View Comments (0)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll To Top