Cybersecurity: The web has a padlock problem – and your internet safety is at risk

November 29, 2019

Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks. 

Websites that want to demonstrate their secure credentials will usually do so by displaying a padlock sign in the address bar that aims to show the website is using HTTPS encryption.

The Hypertext Transfer Protocol Secure (HTTPS) is the more secure version of the Hypertext Transfer Protocol (HTTP) used across the web to load pages using hypertext links – it’s there to transfer information between devices, allowing users to enter and receive information.

HTTPS encrypts that information, so that sensitive data, such as the details used to log in to bank accounts or email, or anything else involving personal information, can be transferred securely. If this information is entered into a website that uses only standard HTTP, there's the risk that it can become visible to outsiders, especially as the information is transferred in plain text.

Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

However, as security researcher Scott Helme warned in his keynote address at the SANS Institute and National Cyber Security Centre (NCSC) Cyber Threat 19 conference in London, this information is potentially misleading, because it isn’t difficult for cyber attackers to register HTTPS domains for use in phishing attacks and other hacking campaigns.

But because web users have been told the padlock is a sign of safety, they’re potentially vulnerable to falling victim to attacks.

“This is why phishers are using it on phishing sites, because they know that people who use the websites think that means it’s OK when it’s not,” said Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

In December 2017, a television advert for Barclays Bank in the UK warned users to check for a green padlock to ensure that the website is genuine. There were complaints that this advice was misleading, because it would be possible for attackers to exploit HTTPS for their own ends.

The complaint was upheld by the Advertising Standards Authority, which concluded that the advice from Barclays was inaccurate because “the padlock measure alone could not ensure safety”.

It turns out that it’s actually relatively easy for a criminal to acquire HTTPS for malicious websites to help them look entirely legitimate. By buying a Transport Layer Security (TLS) certificate, attackers can encrypt traffic on their fake website and make it look legitimate. And because the traffic is encrypted, the browser can be fooled into believing that the website is safe.

“Cyber criminals started to use HTTPS and their trust scores can be higher than normal websites, they really care about this stuff,” said James Lyne, CTO at SANS Institute.

So asking the user to notice when something is wrong puts unfair pressure on them, especially since, as Helme argued, this doesn’t happen in other aspects of life.

He pointed to cars, which have no warning light that tells the driver everything is OK. A light only comes on when the driver needs to be aware of an issue; no light or alert appears just to show that things are working as expected. That model should also be applied to the internet.

“We should only be bugging the user with new information when there’s a problem, not when everything is OK, not when the connection is secure. It should be that all connections are secure and that’s the default and a non-encrypted connection is the exception,” Helme explained.

“We need to flip the model around, we need encryption to become the default and non-encrypted HTTP to become the exception, the thing that we warn about – like the warning light on your car, indicating there is a problem,” he added.

Even now, encryption is sometimes discussed as if it’s a bonus when using the internet, when it needs to become the standard way of doing things everywhere on the internet, Helme explained.

“We need it to become so ingrained and embedded into everything that we do that it’s boring and we don’t need to talk about it because it shouldn’t be special. Encryption should be the boring default that we don’t need to talk about,” he said.

The security industry therefore needs to step up and help fix the issue, Helme argued, because by doing this, it takes the responsibility for deciding if a website is safe or not away from the user – something that will help make the internet safer for everyone.

“We need to take encryption and make it the default, universal – it needs to be everywhere,” he said, adding: “The lack of encryption on the web is actually a bug. And what we’re doing now isn’t adding a new feature for an improvement or a new thing: we’re going back and fixing a mistake we made in the beginning.”

In the meantime, it’s going to remain difficult to convince internet users that something they’ve been told means a website can be trusted can’t actually be used as an indicator of whether the page is safe or not.

“We’ve beaten into people that’s safe, only go to websites with a padlock. But now it turns out that a cyber criminal can go out and buy a padlock for a dollar. That turns it around, so how do you unwire all of that?” said Paul Chichester, director of operations at the NCSC.

“Cybersecurity is a really challenging discipline to operate in. If you think about driving a car and, over many years of driving, you learn certain things and it doesn’t generally change, the practices keep you safe. Nobody tells you not to use the brakes any more,” he added.

To fix that, the industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

“We’re pivoting in much shorter periods of time and, even within our community, sharing practices can be tough, particularly when a new practice isn’t as simple to convey as the original because those ideas stick,” said Lyne. “That’s where the average person has lost reasonable expectation – it’s genuinely hard”.

Credit: Zdnet