Saturday, February 11, 2012
The "weaknesses" of https; company offers trial of VPN
It had to happen. Someone has an article on why you can’t rely on https.
Some sites use it only for log-in. Once past log-in, you can still be hacked, if the attacker is on the same wireless connection and has a product like Firesheep.
The article says HTTPS can be broken, but it’s not easy for the uninitiated. I guess hackers have their own rites of passage and “tribunals”.
HTTPS also depends on a certificate system that can be forged.
I’ve used it in motels with no problems (with motel WiFi). But I prefer to use my secure Verizon MiFi card most of the time. It’s fast enough for blogging and email. The best hotels (like a Holiday Inn Express I used in NYC's Chelsea area) have a hard-wired cable for Internet.
The authors recommend use of a personal VPN, their own product “Private WiFi”. I cannot speak for it personally, but the site offers a “free trial”.
The main article (indirectly tweeted by Webroot recently) is here.
Electronic Frontier Foundation transmits all of its content under https without requiring a logon. I’m not sure this is necessary.
I do think that these days smaller business sites will consider outsourcing their credit card processing so they don’t have to require logons or keep information.