HTTPS Not Secure Anymore

Arafath Hashmi | April 14, 2011 | 0 Comments

HTTPS (Hyper Text Transfer Protocol Secure) is not secure anymore, yes it’s absolutely true, now we can’t trust any of the HTTPS connection. HTTPS connections are the most trusted ones as per all the Internet users, but due to some of the idiot CA’s ( Certificate Authorities ), now the secure protocol is in danger. Recently some hackers group hacked in to the COMODO certificate authority and issued some fake certificates on the name of Google, Microsoft, Yahoo etc.

Means using some spoofing techniques now they can easily bluff the people to show a phishing site as a legitimate one. Now all the option we have left is while doing any transactions check everything is in proper way or not ?, or else you may lose your personal and financial info. As per PC World Magazine…

Aside from suggesting that certificate authorities do their job properly, the EFF suggests that browsers and other Internet software could only accept SSL certificates for genuine (fully qualified) domain names. After all, it should be impossible for a connection to take place to something like “https://mail,” yet browsers don’t check for such transgressions (as anybody who’s mistyped an address will know).
The SSL certificate system has been under significant attack recently. A hack attack on one of the biggest certificate authorities has brought into question the entire system and made many realize that the system is in drastic need of updating for 21st century demands. At the moment there are over 600 certificate authorities around the world that major browsers trust–that is, Internet Explorer, Mozilla Firefox, and so on.
Ultimately, all of this means that we can no longer fully trust HTTPS connections. However, until schemes like DNSSEC come online, we simply have no choice but to do so. Keeping common sense with us at all times will help. If you visit your bank’s home page, for example, and they suddenly seem unable to build proper sentences, then there might be something wrong

Microsoft already released a patch for this bug, and we have to see what the answers we will get from CA’s. What do you think are these CA’s are irresponsible in handling the security of internet ?, let me know your comments in the below section.