WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Thursday, March 28, 2024 
Add Press Release News | News Feeds Feeds | Email This News Email


Initiative to Make the Internet Private and Secure Potentially Gone Wrong?
Wednesday, July 28, 2021

Computer Scientists and Cyber Security Researcher Stefan Certic warns emerging Security as a service can be a double-edged sword

BELGRADE, Serbia, July 20, 2021 /PRNewswire/ -- Computer Scientists and Cyber Security Researcher Stefan Certic warns emerging Security as a service can be a double-edged sword.

Modern asymmetric cryptography, in its essence, provides a viable solution ensuring the authenticity of a website while browsing the web and prevention of man in the middle decryption by third parity.

Privacy benefits inspired the Encrypted Web Initiative back in 2014 - when major Search engines announced that encrypted web communication will translate as a positive signal in search engine ranking. Following years, the SEO race made us to a point that the majority, 51.8 percent of websites use SSL.

Most internet traffic is now encrypted in transit using Transport Layer Security (TLS) - hence ISP or "a guy next-door" can't decode your surfing data or even passwords through ethernet or Wifi sniffing. Mission has been accomplished.

So, what could go wrong?

Imposed changes required a bit of technical knowledge by website owners to implement which was a perfect business opportunity adopted by a couple of startups - translated as "Let us do it for you" - Just point your Name Servers to us, and we will handle the rest.

According to public data, SECaaS companies protect at least 12 million websites, adding approximately 20,000 new customers every day. These numbers are getting drastically higher and already occupy around 20% of Global Internet Traffic.

As opposed to the primary idea of Public Key Infrastructure, SECaaS had something different in core concept.

- Ensure you can't reach the origin server directly. Protecting the owner, not the user.
- Ensure encryption takes place at the edge of such service or In other words, re-encryption, a legit "Man in the middle", so you don't need to become a cryptography expert to follow up with Search Engine initiative as website owner.

With all the hats off to Initiative and attempts to make the web a more secure and private place for end users, however, modern Internet ended up with a few fundamental problems.

- Inability to validate the origin server is what is supposed to be.
- Inability to prevent theoretical man in the middle interceptions, putting SECaaS into a privileged position to sniff traffic and execute an attack.

Essentially the whole concept of cryptography got broken the very same moment millions of keys are held at the very same place that also transits the traffic, encrypted using the very same keys.

Does that mean interception of traffic no longer can be executed by a "guy next door", your ISP, or a suspicious car parked across the street, yes! However, single email request for your data towards SECaaS providers theoretically can result in obtaining full set of data no matter where you are in the world - warns Certic in recent blog post published on his Information Security Consulting firm - https://www.certic.info

This press release was issued through 24-7PressRelease.com. For further information, visit http://www.24-7pressrelease.com.

View original content:https://www.prnewswire.com/news-releases/initiative-to-make-the-internet-private-and-secure-potentially-gone-wrong-301336689.html

SOURCE Stefan Certic



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav El Cajon, CA: Deep Cycle Battery San Diego Partners with 5th Gear Marketing for Enhanced Digital Presence | Mar 27, 2024
Nav Network Services Market Top 10 Growth Opportunities in 2024 - Self-healing, AI, and ML Components Drive SD-WAN Growth | Mar 27, 2024
Nav New Solution from ControlUp Slashes Organizational Risk while Boosting Compliance and Productivity | Mar 27, 2024
Nav AV-Comparatives: Celebrating 20 Years of Excellence in Cybersecurity Testing | Mar 27, 2024
Nav Sandfly Security Secures Funding from Gula Tech Adventures & Sorenson Capital for its First-of-a-Kind Agentless Linux Security Solution | Mar 27, 2024
Nav ReasonLabs Enhances Industry-Leading Consumer DNS Filtering Product Safer Web | Mar 27, 2024
Nav SlashNext Wins Gold for Best Email Security and Management at 2024 GlobeeĀ® Awards | Mar 27, 2024
Nav Lumen Disrupts Cybercriminals Targeting Home and Office Routers | Mar 27, 2024
Nav Simplilearn Bags Two Awards at the EC-Council Global Award for the Sixth Time | Mar 27, 2024
Nav Asia Pacific Gift Card and Incentive Card Intelligence Report 2024: Market to Grow by 8.3% to Reach $235.7 Billion in 2024, Driven by Entry of New Players Across the Region | Mar 27, 2024
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News