Cheap SSL Certificates

Twitter is slowly turning on automatic encryption on its website, a move following other major providers of web-based services to thwart account hijacking over wireless networks.

SSL encryption, indicted by «https» in the URL bar and sometimes a padlock in the browser window, is an encryption protocol used to protect communication between a client and a server. It is important to use because unencrypted information passed over wireless networks can be intercepted.

Many websites encrypt a person's login and password but will stop encrypting further data that is transmitted. A reason for not using SSL throughout a session is that it can occasionally slow interaction between the user and website.

Last year, a freelance web application Firesheep released, an add-on for Firefox that snatches cookies transmitted on unencrypted networks. Web sites drop a cookie, or a small data file, into a person's Web browser while they are logged into a session. Cookies are also used to «remember» people and keep them logged into the website.

Firesheep used an technique that was well-known but made it very easy for novice hackers to grab cookies and immediately log into a website as another person with just two clicks, known as session hijacking. If Firesheep detected someone logging into say, Facebook, on an open wireless network it would display their photo and name, which could be clicked in Firesheep, hijacking the person's account.

SSL Certificate would thwart such an attack since the cookie would encrypted. Other websites have started to step up their security as well. Facebook allows people to turn on SSL for a person's entire session in the «Account Settings» under «Security.» In January 2010, Google turned on SSL for everyone using Gmail by default.

Credit: SSL Certificates News

If your reputation in the online community depends upon the stringent safeguarding of information processed through your Web site, then your Internet security solution should include the strongest encryption available to each Web site visitor.

Encryption is the process whereby data is transformed into a code that will be indecipherable to an unauthorized viewer. The stronger the encryption, the more difficult it is for someone to eavesdrop on your online communications. This is especially important if you accept any kind of online payments, connect to a bank or brokerage account, transmit health records, must meet a governmental or other regulatory organization’s privacy and security standards, or process any kind of potentially sensitive information.

Industry experts recommend a minimum of 128-bit encryption be used for all secure online sessions. Some Web server-client browser configurations enable sessions with up to 256-bit encryption protection, the strongest level of encryption commercially available today.

The strength of encryption enabled for any session depends on what your customer’s browser and operating system support, as well as what your host server systems will support. If your consumer’s browser or operating system does not support higher levels of encryption, the session will default down to the highest level that it can support.

Regular 128—256 bit SSL Certificates intended for securing leading sites over usual browsers, where SGC SSL Certificates upgrade the encryption capabilities of older browsers from 40-bit encryption into full 128- or 256-bit encryption.

Server Gated Cryptography (SGC) enabled SSL Certificates upgrade the encryption capabilities of older browsers from 40-bit encryption into full 128/256 bit encryption – ensuring your website protects and is trusted by the highest number of internet users possible.

With SGC SSL Certificate, encryption levels are controlled by the server and not dependent on the client system. Once these original export restrictions were lifted, SGC-enabled SSL Certificates are now issued to all types of Web sites, not just authorized financial institutions.

VeriSign offers market-leading SGC-enabled SSL Certificates so virtually every visitor to your Web site will be protected by the industry recommended minimum of 128-bit encryption.

Mozilla disabled MD5 in their environment from June 30, 2011 (https://wiki.mozilla.org/CA:MD5and1024). This means that any SSL certificates containing an MD5 signature algorithm will not work in later FireFox browsers after that date.

RapidSSL does not use the MD5 in the certificates we issue. However, it is possible that a small number of older certificates may contain an MD5 signature.

In the next few months RapidSSL will be communicating to any affected customers that they should reissue their certificate.

Reissuing your certificate is a simple process and will ensure your certificate contains a with a SHA-1 signature algorithm.

For instructions on reissuing your certificate please contact support team at http://www.clickssl.com

Credit: SSL Certificates News

What is phishing and malware?

A phishing attack takes place when someone masquerades as someone else to trick you into sharing personal or other sensitive information with them, usually through a fake website. Malware is software that gets installed on your machine often without your knowledge, and is designed to harm your computer or potentially steal information from your computer.

For more pointers on keeping your family safe on the web, read Google’s Tips for Online Safety. Learn about other security settings and additional technologies, such as sandboxing and auto-updates, that Google Chrome uses to keep you safe on the Web.

Google downloads a list of information to your browser about sites that may contain malicious software or engage in phishing. On the list, each URL is hashed (obscured so it can’t be read) and then broken into portions. Your browser creates hashed versions of URLs that you visit, and checks them against the list. If the URLs match the list, your browser will contact Google’s servers to request the full list — not just portions — of the hashed URLs that are believed to be risky.

Your computer can then determine if you are visiting a risky site, and warn you about it. When your computer contacts Google to get more information about a specific hashed URL fragment, or to update the list, we receive standard log information including your IP address and possibly a cookie. This information does not personally identify you, and is retained only for a period of weeks.

Google Chrome phising and malware alerts:

Here are the messages you may see when phishing and malware detection is enabled: