Black Hat Conference Presenters Poke Holes in SSL

By Liam Eagle, July 30, 2010

(WEB HOST INDUSTRY REVIEW) -- A variety of news stories issuing from the Black Hat security conference this week in Las Vegas describe presentations in which researchers highlight holes in web browser security, including widespread problems with the implementation of SSL certificates.

According to a report appearing Thursday on the Forbes blogs, security researchers Robert Hansen and Josh Sokol presented on Wednesday a list of 24 reasons why users shouldn’t trust their browser’s padlock security indicator, the image typically associated with sites secured by SSL certificates.

The presentation reportedly divided threats into mostly low- and medium-level threats, with two that Hansen considered critical. All of those threats, said the presenters, require the hacker to deploy a man-in-the-middle program on the user’s network.

The first of the critical flaws was a “cookie-passing” trick, in which the hacker visits a site before a user, receiving a valid cookie that he then passes to the user. When the legitimate user visits the site, the hacker’s cookie then becomes associated with the user, enabling the hacker to access the user’s account.
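The server-side defence against the cookie-passing trick described above is to treat any session token the browser presents before authentication as untrusted and issue a fresh one at login, so a token an attacker already knows can never become the logged-in session. The following is an added illustration, not code from the presenters or from any product mentioned in the article; the in-memory session store, the user names and the token format are constructed for this example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""
    sessions: dict = field(default_factory=dict)  # token -> {"user": str | None}

    def new_anonymous(self) -> str:
        """Issue a token for a not-yet-authenticated visitor."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": None}
        return token

    def login(self, presented_token: str, user: str) -> str:
        """Authenticate and ROTATE the session.

        Whatever token the browser presented (possibly planted by someone on
        the network path) is discarded and a brand-new token is issued, so a
        token known to a third party never becomes an authenticated session.
        """
        self.sessions.pop(presented_token, None)
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = {"user": user}
        return fresh

    def user_for(self, token: str):
        """Resolve a token to a user name, or None if unknown/anonymous."""
        return self.sessions.get(token, {}).get("user")


def login_without_rotation(store: SessionStore, presented_token: str, user: str) -> str:
    """Vulnerable variant: keeps the presented token and attaches the user to it.

    This is the behaviour the cookie-passing trick relies on.
    """
    store.sessions.setdefault(presented_token, {})["user"] = user
    return presented_token


def simulate(rotate: bool) -> bool:
    """Replay the scenario from the article against one of the two login styles.

    Returns True if the pre-existing token ends up mapped to the victim's
    account, i.e. if a third party who knew that token would now be logged
    in as the victim.
    """
    store = SessionStore()
    planted = store.new_anonymous()   # token obtained before the victim visits
    # The victim's browser now presents `planted` when logging in.
    if rotate:
        store.login(planted, "victim")
    else:
        login_without_rotation(store, planted, "victim")
    return store.user_for(planted) == "victim"


if __name__ == "__main__":
    print("without rotation, planted token is now the victim's session:", simulate(rotate=False))
    print("with rotation, planted token is now the victim's session:   ", simulate(rotate=True))
```

Rotation at the privilege boundary is what matters: marking the cookie `Secure` and `HttpOnly` is still worthwhile, but on its own does not stop a token that was set on the browser before the secure login from being accepted afterwards.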

The other critical issue was a technique through which a hacker can use an insecure tab in a user’s browser to send a request to install a plug-in once the user has opened a secure tab, making the request appear to come from the secure site.

All the slides from Hansen and Sokol’s presentation are embedded in the Forbes.com article.

SSL security and its vulnerabilities are a frequent topic at the annual Black Hat conference – which stands to reason, as it is one of the main security functions associated with ecommerce. Last year, Dan Kaminsky and Moxie Marlinspike presented vulnerabilities they had found in the issuing process for SSL certificates at the conference.

In a separate presentation at this year’s Black Hat, security researcher Ivan Ristic presented the results of a study that suggests close to 97 percent of SSL certificates are incorrectly configured, according to a report in eSecurity Planet.

Presenting the results of a study that examined 867,000 SSL certificates, Ristic said that nearly 97 percent of SSL certificates do not have the correct name on them, and don’t match the domain to which they are associated.

Of the 3 percent that matched, only one third were correctly configured – which meant, he said, 2,048-bit or better encryption and disabled support for the SSLv2 protocol.
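The three criteria Ristic's study applied, name matching the host, a 2,048-bit or stronger key, and SSLv2 disabled, can be checked mechanically once the certificate and server settings have been read. The example below is added here and is not Ristic's tooling; it assumes the certificate fields have already been extracted (by whatever TLS library you use) into the constructed `CertInfo` record, and it implements the hostname matching itself, including the single-leading-wildcard rule, so it runs offline on the constructed sample set. The summary it computes mirrors the study's two-stage count: how many certificates match their host, and how many of those also pass the key-size and protocol checks.

```python
from dataclasses import dataclass


@dataclass
class CertInfo:
    """Fields pulled from a server certificate and its TLS configuration (constructed)."""
    subject_cn: str      # subject Common Name
    san_dns: list        # subjectAltName DNS entries (may be empty on older certs)
    key_bits: int        # public key size in bits
    protocols: set       # protocol versions the server has enabled


def _label_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    Comparison is case-insensitive. A single leading wildcard label is allowed
    and matches exactly one label: *.example.com matches a.example.com but not
    example.com, a.b.example.com, or bare *.com style patterns.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        rest = p[2:]
        if "*" in rest or rest.count(".") < 1:
            return False  # wildcard must be the leftmost label only, with 2+ labels after it
        labels = h.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == rest
    return False


def name_matches(cert: CertInfo, hostname: str) -> bool:
    """Prefer subjectAltName entries; fall back to the CN only when no SANs exist."""
    names = cert.san_dns if cert.san_dns else [cert.subject_cn]
    return any(_label_match(n, hostname) for n in names)


def audit(cert: CertInfo, hostname: str) -> list:
    """Return the list of findings against the three criteria (empty list = fully OK)."""
    findings = []
    if not name_matches(cert, hostname):
        findings.append("name-mismatch")
    if cert.key_bits < 2048:
        findings.append("weak-key")
    if "SSLv2" in cert.protocols:
        findings.append("sslv2-enabled")
    return findings


# Constructed sample: (hostname the client connected to, certificate/config seen).
SAMPLE = [
    ("shop.example.com", CertInfo("shop.example.com", ["shop.example.com", "www.example.com"], 2048, {"TLSv1"})),
    ("www.example.net",  CertInfo("*.example.net", [], 1024, {"SSLv2", "SSLv3", "TLSv1"})),
    ("mail.example.org", CertInfo("host42.hosting.example", [], 2048, {"TLSv1"})),  # provider default cert
    ("api.example.com",  CertInfo("api.example.com", ["api.example.com"], 2048, {"SSLv2", "TLSv1"})),
]


def summarize(pairs) -> dict:
    """Two-stage tally: name matches first, then full compliance among the matches."""
    matched = [(h, c) for h, c in pairs if name_matches(c, h)]
    fully_ok = [(h, c) for h, c in matched if not audit(c, h)]
    return {"total": len(pairs), "name_ok": len(matched), "fully_ok": len(fully_ok)}


if __name__ == "__main__":
    for host, cert in SAMPLE:
        print(f"{host:18} {audit(cert, host) or 'OK'}")
    print(summarize(SAMPLE))
```

The fallback to the CN only when no SAN is present follows what browsers of that era did; a certificate that carries SANs is judged on them alone, which is why a mismatched CN on a SAN-bearing certificate is not itself a finding here.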

According to the report, Ristic speculates that the reason for the scarcity of properly configured certificates is a lack of widespread documentation and education for the technology.

The Black Hat conference took place in Las Vegas this week, with training from July 24 to July 27, and briefings running from July 28 to July 29.
