Ssl Encryption

Surveys are a great window into people’s minds, especially when they can illuminate contrasting, and even contradictory, behaviors in the same group. Results from the Symantec Online Internet Safety Survey have done just that. The most compelling finding – that respondents frequently proceed with online transactions they know might be insecure – inspired me to ask not just, “What are they thinking?” but “What are they thinking?!?”
The survey’s focus must be on many people’s minds, as we’ve had an extraordinary response – 301 people in just a few days! My initial impressions of the results are below. Feel free to share your comments and questions here.

Findings

Risky behavior remains common despite respondents knowing better: What struck me the most was that in many cases, respondents continued online transactions even when those transactions lacked security cues respondents knew should be there. For example, 80 percent of respondents knew to look for the padlock icon signifying Secure Sockets Layer (SSL) encryption, but only 55 percent said they would abort a transaction if they didn’t see it. Similarly, 81 percent knew to look for secure Internet connections (HTTPS) but only 56 percent got spooked by secure URLs not matching certificate domains (not an exact correlation, I know, but related). These are differences of nearly 30 points! What is driving this reckless behavior?

An equally notable figure is tha...

Twitter is slowly turning on automatic encryption on its website, a move following other major providers of web-based services to thwart account hijacking over wireless networks.

Twitter has offered an option for users to turn on SSL (Secure Sockets Layer) encryption, but said on Tuesday that it will turn the feature on by default for some users. It did not indicate when the option would be turned on by default for all users.
SSL encryption, indicted by "https" in the URL bar and sometimes a padlock in the browser window, is an encryption protocol used to protect communication between a client and a server. It is important to use because unencrypted information passed over wireless networks can be intercepted.

Many websites encrypt a person's login and password but will stop encrypting further data that is transmitted. A reason for not using SSL throughout a session is that it can occasionally slow interaction between the user and website.

Last year, a freelance web application Firesheep released, an add-on for Firefox that snatches cookies transmitted on unencrypted networks. Web sites drop a cookie, or a small data file, into a person's Web browser while they are logged into a session. Cookies are also used to "remember" people and keep them logged into the website.

Firesheep used an technique that was well-known but made it very easy for novice hackers to grab cookies and immediately log into a website as another pe...