Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Are Web Sites as Secure as They Seem?

Study finds that popular encryption technology isn't always enough--and surfers may be unaware of the danger.

Laura Rohde, IDG News Service

  • 0 Yes
  • 0 No

Up to 18 percent of servers using Secure Socket Layer encryption technology for Web site encryption are potentially vulnerable to hackers, with the problem being far more pronounced in Europe than in the U.S., according to the latest monthly survey of Web server usage conducted by Netcraft.

SSL is a common protocol for managing the security of message transmission on the Internet. Browser-based SSL technology is most secure if the server's public key, used to guarantee the authenticity of a transaction, is at least 1024 bits long.

The use of shorter keys makes it easier for hackers to break the key and impersonate the server, the Bath, England-based company says in a survey posted on its Web site.

Currently, about 60 percent of all Web sites using the SSL technology are based in the U.S. and approximately 15.1 percent of those sites are using short keys, Netcraft says.

World Wide Problem

The proportion of Web sites using potentially vulnerable SSL keys becomes even larger outside of the U.S., the study found. In France, 41.1 percent of SSL sites use the shorter keys, followed by 31.9 percent in Spain, and 26.5 percent in the U.K., Netcraft says.

In Canada, 13.5 percent of SSL Web sites are using short keys, the study says.

Although the U.S. government has eased export restrictions on strong cryptography, earlier restrictions are still having an effect on Net security today, says Netcraft.

"The U.S. export legislation and locally acted legislation to restrict the use of cryptography in countries with repressive or eccentric administrations, does still cast a shadow over the security of e-commerce even years after the acts have been repealed," Netcraft says.

Because it is not obvious to the end user what a server's choice of cryptography is or how many bits are being used in a Web site's SSL encryption key, there is little pressure from end users to improve such security, the survey says. Presently, lock symbols are displayed in browser windows during SSL sessions to indicate that a site is secure, no matter what the length of the key is.

Netcraft suggests that browser developers could help improve future security by displaying a graded indication of key length.

  • Recommend this story?
  • 0 Yes
    0 No
  • Great year-end deals
    for small business!

  • Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!

    Learn more

  • HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!

    Learn more

  • *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.

Dell End of Year Deals

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links