Saturday, February 11, 2012

The "weaknesses" of https; company offers trial of VPN

It had to happen.  Someone has an article on why you can’t rely on https.

Some sites use it only for log-in.  Once past log-in, you can still be hacked, if the attacker is on the same wireless connection and has a product like Firesheep.

The article says HTTPS can be broken, but it’s not easy for the uninitiated. I guess hackers have their own rites of passage and “tribunals”.

HTTPS also depends on a certificate system that can be forged.

I’ve used it in motels with no problems (with motel WiFi).  But I prefer to use my secure Verizon MiFi card most of the time.  It’s fast enough for blogging and email.   The best hotels (like a Holiday Inn Express I used in NYC's Chelsea area) have a hard-wired cable for Internet. 

The authors recommend use of a personal VPN, their own product “Private WiFi”.    I cannot speak for it personally, but the site offers a “free trial”.

The main article (indirectly tweeted by Webroot recently) is here

Electronic Frontier Foundation transmits all of its content under https without requiring a logon. I’m not sure this is necessary. 

I do think that these days smaller business sites will consider outsourcing their credit card processing so they don’t have to require logons or keep information. 

No comments: