All the latest UK technology news, reviews and analysis
|
|
|
28 Jul 2009
Most online users simply ignore 'invalid certificate' warnings despite the security risks involved, according to a recent study by Carnegie Mellon University.
Although VeriSign, one the biggest names behind web certification, recently announced that it has issued more than four million Secure Sockets Layer (SSL) certificates, the research brings into question just how useful they are.
"Everyone knew that there was a problem with these warnings, our study showed dramatically how big the problem was," said Joshua Sunshine, co-author of the Carnegie Mellon paper.
Although warnings can come up due to various technical issues, they exist to help protect users from being redirected to various fake sites or to help catch out typo-squatting, where online fraudsters set up sites with URLs almost identical to their target to catch out those who accidentally misspell an address when typing it in.
According to the study, most internet users simply don't know what the certificates are or what the warnings mean, while others believe they just have to me more careful on sites where these warnings appear.
Interestingly, the results seem to depend a lot on which browser was being used, primarily because the various developers use different language and prompts when displaying certificate warnings.
As a result, users of Mozilla's Firefox 3 browser were the least likely to click through after being shown a warning, and several security warnings created by the researchers themselves were even more effective. According to VerSign, this highlights the need for education and obvious prompts that can help even inexperienced web users to be aware when something may be wrong.
"This research reminds us of the importance of providing usable tools for end users to differentiate between an authentic and an inauthentic web site and emphasises the importance of educating end users on how to use those tools," said Tim Callan, vice president of product marketing at VeriSign.
"That's why the industry has created new interface conventions like the green address bar to make it easier than ever for end users to distinguish between a real site and counterfeit site."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Technical support Specialist (2/3 rd Line) CCNA...
Aufgabe: - Das Design, die Implementation und Durchführung...
Aufgaben: - Provide basic IT support for the end users...
VPN - WAN - LAN - ASA - FSWM - Cisco - Routers - Swicthes...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
<p>I am also among other web user who are ignoring web certificate because I don't know importance of it. But now I understand its importance, I will be careful from now. </p>
Posted by: disque dur externe multimedia 30 Sep 2009
<p>Hi</p> <p>I have recently found that the largest broadband cable company in the UK, Virgin, launched a site with the wrong certificate (cross linked).</p> <p>I informed them -=they replied a stream of garbage which avoided the plain fact that the site was mis-certified; hadn't changed it in a week so I blocked it.</p> <p>Now we have an apology from Richard Bransen CEO<br /> but a month too late!</p>
Posted by: archie lukas 29 Jul 2009