The S in HTTPS

Have no fear and secure using the “s” in “https”

So DuckDuckGo referenced this cool SSL Poem by Amber Wilson, and I thought I’d share a few thoughts on SSL. Admittedly, I think Amber does a better job than DuckDuckGo, although how much security info can you really share in a tweet? (Yes, I'm calling you out, Twitter :))

SSL does increase security. Without it, browsing over plain http://, every byte you transfer is in the clear and open to interception on your LAN and at any routing point between you and your destination. By encrypting your data with SSL you have some “reasonable” belief that your data has not been compromised.

However, as the poem goes on to explain, SSL is not without its flaws (e.g. Heartbleed, which was probably exploited in the wild well before the public knew about it and allowed attackers to read encrypted SSL communication). There are also various man-in-the-middle attacks that companies use on their own LANs to sniff employee traffic. It’s also possible to decrypt communications if the destination server has been compromised and an attacker has its private key (something that happens more often than you’d think).

If you think attackers couldn’t find a way to sidestep such encryption, here’s a great article from 2015 explaining how the NSA exploited a weakness in the Diffie-Hellman (DH) key exchange protocol to do just that.
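The two paragraphs above make two concrete points: a stolen server key lets an attacker decrypt traffic, and a weak DH exchange can be broken outright. The toy Diffie-Hellman script below is an added example, not code from the original post, and it shows both mechanics side by side. It assumes (my reading, not the article's) that the 2015 DH weakness is the use of small DH groups; the 521-bit Mersenne-prime group and the 23-element group are constructed toys, not real TLS parameters, and the server's signature over its ephemeral value is omitted because it does not change the secrecy argument.

```python
"""Toy finite-field Diffie-Hellman: forward secrecy and group size.

Added example, not code from the original post. The groups here are
constructed toys; real TLS uses vetted groups (e.g. RFC 7919 ffdhe* groups
or elliptic curves).
"""
import secrets

# Constructed toy group: p = 2**521 - 1 is a Mersenne prime, generator 3.
# Large enough that exhaustive discrete-log search is hopeless, but NOT a
# vetted TLS group.
P = 2**521 - 1
G = 3


def keypair(p=P, g=G, rng=secrets.randbelow):
    """Return (private_exponent, public_value) for one party."""
    priv = 2 + rng(p - 3)  # private exponent in [2, p-2]
    return priv, pow(g, priv, p)


def shared_secret(their_pub, my_priv, p=P):
    """Classic DH: their_pub ** my_priv mod p, identical on both sides."""
    return pow(their_pub, my_priv, p)


def static_dh_session(server_lt_priv, server_lt_pub, p=P, g=G):
    """Key exchange against the server's LONG-TERM DH key (no forward secrecy).

    Returns the on-the-wire transcript plus each side's derived secret.
    """
    c_priv, c_pub = keypair(p, g)
    transcript = {"client_pub": c_pub, "server_pub": server_lt_pub}
    return (transcript,
            shared_secret(server_lt_pub, c_priv, p),
            shared_secret(c_pub, server_lt_priv, p))


def ephemeral_dh_session(p=P, g=G):
    """Both sides use a fresh one-time key (DHE). In real TLS the server's
    long-term key only SIGNS its ephemeral value; that signature is omitted
    in this toy because it does not affect what the transcript reveals."""
    c_priv, c_pub = keypair(p, g)
    s_priv, s_pub = keypair(p, g)
    transcript = {"client_pub": c_pub, "server_pub": s_pub}
    return (transcript,
            shared_secret(s_pub, c_priv, p),
            shared_secret(c_pub, s_priv, p))


def recover_with_longterm_key(transcript, server_lt_priv, p=P):
    """What someone who recorded the transcript and LATER obtained the
    server's long-term private key can compute from that recording."""
    return pow(transcript["client_pub"], server_lt_priv, p)


def brute_force_exponent(pub, p, g):
    """Exhaustive discrete log. Feasible only for tiny groups, which is the
    reason small or export-grade DH parameters must be rejected."""
    for x in range(1, p):
        if pow(g, x, p) == pub:
            return x
    return None


def demo():
    """Run both scenarios and report what the recorded traffic gives away."""
    lt_priv, lt_pub = keypair()

    t_static, c1, s1 = static_dh_session(lt_priv, lt_pub)
    assert c1 == s1  # both sides agree, as DH guarantees
    static_leaks = recover_with_longterm_key(t_static, lt_priv) == c1

    t_eph, c2, s2 = ephemeral_dh_session()
    assert c2 == s2
    ephemeral_leaks = recover_with_longterm_key(t_eph, lt_priv) == c2

    # Constructed tiny group (p=23, g=5): private exponent 7 is found instantly.
    tiny_p, tiny_g, tiny_priv = 23, 5, 7
    tiny_pub = pow(tiny_g, tiny_priv, tiny_p)
    recovered = brute_force_exponent(tiny_pub, tiny_p, tiny_g)

    return {
        "static_session_recovered_with_longterm_key": static_leaks,      # True
        "ephemeral_session_recovered_with_longterm_key": ephemeral_leaks,  # False
        "tiny_group_private_exponent_recovered": recovered,               # 7
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical takeaway for a defender is the cipher suite: a server that negotiates an ephemeral exchange (DHE or ECDHE suites, mandatory in TLS 1.3) limits what a later key compromise exposes, and a server that offers small DH groups undoes that benefit entirely.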

So in a practical sense we could compare this to locking your doors and windows: is your house really secure? Maybe, but not really unless you have taken additional steps to make sure you don’t have doors and windows that are easy to break into, and that there are no backdoors or master keys that come into play.

What do you think?

Cheers!
A. Yasir
