What is SSL, TLS, https & why are they your friends?

Do you know what SSL, TLS, and https mean and do? You deal with SSL, TLS, and https whether you know it or not, and it is very important!

TLS = Transport Layer Security
SSL = Secure Sockets Layer
https = Hypertext Transfer Protocol Secure

Private and sensitive information gets sent over the internet all day, so what is preventing someone from stealing that information? For information to be transferred securely over the internet, 2 basics are needed:
1. Confirm server identity
2. Encrypt communication with server

You don’t want to send information to someone who is impersonating the person you actually want to send it to, do you? SSL and TLS provide a way to verify the identity of the recipient. In its simplest form, there are many companies that will give people digitally signed certificates vouching for that person, saying in essence, “we have checked to make sure this person is who they say they are and we think you can trust them.” When you browse the web, your browser has a list of companies that it will trust to tell you who you can trust. So, when you connect to a server, your browser can check the server’s certificate, and if it is signed by one of the companies on that list, your browser will trust it.
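The trust check described above can be reproduced offline with the `openssl` command-line tool. This is an added example, not part of the original post; the CA name, the host name shop.example and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: "Demo Trusted CA" and shop.example are made-up names.
set -eu

make_demo_pki() {
    dir=$1
    # 1. A certificate authority on the browser's trust list (self-signed root).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Trusted CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # 2. The real server asks the CA to vouch for it, and the CA signs.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
    # 3. An impersonator uses the same name but can only sign for itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=shop.example" \
        -keyout "$dir/fake.key" -out "$dir/fake.pem" 2>/dev/null
}

# Succeeds only if the certificate ($2) is signed by the trusted CA ($1).
is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_demo_pki "$work"
for cert in server fake; do
    if is_trusted "$work/ca.pem" "$work/$cert.pem"; then
        echo "$cert.pem: trusted, signed by a CA on the trust list"
    else
        echo "$cert.pem: rejected, nobody on the trust list vouches for it"
    fi
done
rm -rf "$work"
```

Both certificates claim the same name; only the one signed by the trusted CA passes, which is the same decision a browser makes before it shows the https indicator.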

Private conversations are good when you are sharing sensitive or private data. You don’t go walking around on the street shouting out your birthday, credit card number, and social security number, so why would you do it on the internet? TLS and SSL provide a way for you to have a private conversation with a server so that others can’t “listen in” on your conversation by encrypting the data. Most data on the web is transferred using http, but when it is secured using TLS or SSL it is called https.

It’s important to know when you are or aren’t using https when browsing the web to protect your information. Most browsers have visual indicators to show that https is being used. Make it a habit to make sure that your information will be secure before sending or retrieving that data.

Resources to learn more of the nitty gritty of SSL, TLS, and https
TLS:
http://en.wikipedia.org/wiki/Transport_Layer_Security
http://www.ietf.org/dyn/wg/charter/tls-charter.html

SSL:
http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html
http://video.google.com/videoplay?docid=7130470471741831613&ei=JETxSrXaC5v-qAPLzKWxDQ&q=ssl&hl=en&view=2&client=firefox-a#

https:
http://en.wikipedia.org/wiki/HTTP_Secure
http://www.ourshop.org/resources/ssl.html

Images via CC BY 2.0
Lock and Chain: http://www.flickr.com/photos/bala_/
Silhouette: http://www.flickr.com/photos/narciss/
Yelling: http://www.flickr.com/photos/demibrooke/

Browser Security

I have been upset with Google for taking so long to put out their Apple version of their Chrome browser. After reading an article on ZDNet about the Pwn2Own hacker event, maybe I can give Google some slack. :-) I still want my Chrome ASAP if it is as good as the Windows version, though. Google seems to be heading in the right direction with their sandbox model for their browser. I am sad that Apple has done so little to create roadblocks for hackers, but I guess that is expected when you have such a low market share. Now go and read the article and make your own decision on what browser you are going to use.

Questions for Pwn2Own hacker Charlie Miller