Friday, March 07, 2008

SSL Certificates Not Always Secure

This is an interesting story that came out yesterday on the Associate Press wire. It's about how SSL certificates aren't always as secure as they claim to be. It says criminals can forge the certificates, which are supposed to be a third-party verification of a site's identity.

It also says, on another level, that SSL itself is no guarantee of security. SSL can encrypt the transaction but, if the site itself has security holes, all SSL is doing is protecting an insecure transaction.

None of this is news, but it was a bit of a surprise to see it appear in the mainstream media, like AP.


Post a Comment

<< Home