DigiNotar certificates

  • AndyD
    Diamond Member

    • Jan 2010
    • 4946

    #1

    DigiNotar certificates

    HTTPS is the secure protocol that banking and many other transactions are made across. Recently it's not been so secure after DigiNotar, which is a Dutch company that issues certificates for secure keys, was hacked and the root certificate compromised.

    In layman's terms, HTTPS is designed to provide a secure and encrypted connection between you and your internet banking server, for example. You have a key for the secure server which allows you access, and the certificate is the way of checking your key is genuine and untampered with. This ensures that your communications with the server cannot be intercepted by a 'man in the middle'. The hacking of DigiNotar has allowed 'man in the middle' attacks on secure connections of Google, WordPress, Mozilla and The Tor Project, amongst others.

    The bad news is your browser hangs on to these root certificates for dear life, so if your certificate has been compromised you may need to dig it out manually using a tool supplied by your browser developers. Most browsers will address the issue with their next major update.

    It looks like this attack is a progression of the Comodo hack attacker, who also claims to have compromised GlobalSign a while ago, and the motivation is political and not financial at the moment. That said, it's only a short step to other systems, including government communications, banking, online shopping etc., being insecure.

    This kind of action could also have further reaching consequences than the fall in VASCO stock price that followed these incidents if consumer trust in internet commerce sites takes a knock.
  • Dave A
    Site Caretaker

    • May 2006
    • 22803

    #2
    I would hope when it comes to the banks, they'd take quick action to correct the problem if their secure services become compromised.

    Many years ago one of the gateway payment operations I had used got hacked. The first I knew about it was when I got a call from Standard Bank card division telling me about it. Just to make sure, they had stopped my current credit card, and a new one would be at the bank within a couple of days.

    "We apologise for the inconvenience", they said.
    "No problem. Thank you for being on top of it," was my reply.

    So surely the banks would change their certificates in this situation.
    Perhaps even the certificate provider...

    Participation is voluntary.

    Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services
