Are secure connections really that secure?

The little lock icon that appears on a Web browser window frame when a secure connection exists between a browser and a Web server may be lulling users into a false sense of security.

The reality is that secure connections, in which data is encrypted using Secure Sockets Layer (SSL) technology before being transmitted over the Web, is increasingly being used to hide and spread malicious code, according to a report from security vendor Kaspersky Labs.

The issue is certainly not new. Security analysts have for long warned about the possibility of hackers exploiting encrypted SSL connections to sneak viruses and other malicious code past firewalls, antivirus software and intrusion detection systems. But what's lending greater urgency to the issue now is the widespread use of SSL communications by banks, retailers, e-commerce sites and e-mail providers on the Internet, said Shane Coursen, a senior technical consultant at Kaspersky. Are secure connections really that secure?

Linked by shanmuga Friday, 23rd March 2007 12:56AM