Thursday, October 22, 2009

SSL (security socket layer)

SSL, what is that? Have you ever noticed while browsing the web, the 's' in https://etc.etc. When the s is sitting there, that means you are using an encrypted connection. So all data you send out to the web server is locked, and the website has the only key to unlock it. This is really nice when doing online banking, as you don't want anyone listening on your network trying to intercept your banking data. If a hacker is on your network, listening to all of your internet traffic, he wont be able to read the data when you are using SSL.

Well there exists a little vulnerability with all web browsers, that can make you think you are secure, while you're actually not. Sometimes a website wont give you the s at the end of the http until you go to login. You may think that's secure because your data is now being encrypted, but that damage has already been done when you visited the site without the s. A hacker can sit between you and the website, a man in the middle, and intercept all data between you and that website. When you first visit the website, you send the request to the hacker, who forwards it onto the website, who then responds back to the hacker, and the hacker forwards the response to you. So when you click that secure login, you actually tell the hacker you want the secure login, who then talks to the website and gets himself a secure login. He/she then spoofs a secure login back to you, so that you are thinking all of your data is being encrypted. But actually, it's as clear as day to the hacker.

So how do you stop a hacker from being the man in the middle? Well, if you had encrypted the data when you first visited the website, he would have never been able to spoof the secure login, and he'll be locked out completely.

Protect Yourself!

So my advice to you, when you visit a website, no matter what site it is, hand type that s at the end of http and press enter. Most websites support SSL, but you'll be surprised how many don't automatically load with it. Gmail doesn't use SSL unless you set in the options that you want it to. Another suggestion of mine to save you from hand typing that s in all the time, is to bookmark the page with the s in it. That way every time you click the bookmark, you automatically go to the page using SSL.

I implore that anyone reading this, whenever visiting a site that contains personal information, or takes a login and password. Especially when you are on a public hot spot, like star bucks. In one day, it has been possible to record as many as 1200 different pieces of personal information off of a public wifi. That was simply a person sitting with a computer running software, that listens to the net chatter. It could have been negated if people would be using the SSL.

What do you use?

As some of you may or may not know, your browser gives certain tidbits of information away, as you browse the internet. Some people would be unnerved to think of that fact, but really, it helps the internet work for you. Some information that is given away would be: the type of browser your using, your operating system, and your IP address. We can go deeper, but I'll leave it at that.

Well, if you haven't noticed, I keep a site tracker at the bottom of my blog that tracks the amount of users who visit. I get an email every friday of that weeks amount of visitors. It's easy to identify the trends, I get more viewers when I post more, and less when I post less. More visitors visit a post in my blog from a google search, than they do visiting the blog page. Most blogs have this kind of feature, because most people want to know if they have anyone visiting them at all.

Last night as I was messing with my tracker, I learned a couple more statistics that the free one I have provides me. I thought some of them were interesting, and so I'm sharing them with you below.

The first one here show's the percentage of what people use which browser. It's nice to see that a lot of you use firefox which I think is the most secure browser anyone can use. I'm not surprised to see that another big percentage of you are using Internet Explorer. You kind of have no choice considering it comes pre-packaged with Microsoft Windows.

The last thing I'm going to share with you, is the type of OS that most of you are using. I'm not surprised to find that the general population is using windows xp. We've had that OS for a long time now, but we really haven't had anything to make people want to move on. Vista was an utter failure, which is why I'm guessing it only has 1% of people using it. I am surprised at how many people are still on windows NT. That was an amazing operating system, one of the best, but the support for it dropped a long time ago. The 3rd most popular OS on there says other. By other I'm guessing that could be different distributions of Linux.