Mohsen
?Are SSL certificates realy trusted and secure
by
, 11-21-2011 at 12:38 AM (138972 نمایش ها)
We all use SSL and digital Certificates most of the time in our everyday life ... for example checking our emails or bank accounts and .other very important affairs on internet world
Although we all know that the security is not absolute at all,but we all trust on SSL and digital signature certificates most of the time .
Because we trust on the Security companies that provide certificates ...
Well, to correct the above paragraph I should change the tens of the verbs !! " We had trusted before , but do not anymore !! "
Some of these popular companies server had got hacked and their certificates has been stolen !
These stolen certificates are now used to steal sensitive information . many of this security companies never declare that they have been a victim of hackers and because of that the security of many people may be affected
!
?How to check the certificate
Actually your web browser do the check for you ! be aware to always update your web browser . but there are few controls that you can do yourself . at first let's look at the bellow screenshots
:
You can see the browser security alert ! and more important you can see that the GEO Trust company verified it !! "Thawte " company provide the real certificate for googgle mail !( Not GEO Trust ) and the first certificate was the stolen one !!
you can check the certificate yourself too
:
This screenshot shows the gmail true page with correct SSL certificate .
Although the GEO Trust company never mentioned that they were hacked and their certificate was stolen ! , but If you use the updated browser you can easily find out.
As I am not trusted on my ISP I always check it myself and this is the third time that I saw Geo Trust certificate when I was going to check my emails on gmail.