WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Monday, September 20, 2021 
Add Press Release News | News Feeds Feeds | Email This News Email


Initiative to Make the Internet Private and Secure Potentially Gone Wrong?
Wednesday, July 28, 2021

Computer Scientists and Cyber Security Researcher Stefan Certic warns emerging Security as a service can be a double-edged sword

BELGRADE, Serbia, July 20, 2021 /PRNewswire/ -- Computer Scientists and Cyber Security Researcher Stefan Certic warns emerging Security as a service can be a double-edged sword.

Modern asymmetric cryptography, in its essence, provides a viable solution ensuring the authenticity of a website while browsing the web and prevention of man in the middle decryption by third parity.

Privacy benefits inspired the Encrypted Web Initiative back in 2014 - when major Search engines announced that encrypted web communication will translate as a positive signal in search engine ranking. Following years, the SEO race made us to a point that the majority, 51.8 percent of websites use SSL.

Most internet traffic is now encrypted in transit using Transport Layer Security (TLS) - hence ISP or "a guy next-door" can't decode your surfing data or even passwords through ethernet or Wifi sniffing. Mission has been accomplished.

So, what could go wrong?

Imposed changes required a bit of technical knowledge by website owners to implement which was a perfect business opportunity adopted by a couple of startups - translated as "Let us do it for you" - Just point your Name Servers to us, and we will handle the rest.

According to public data, SECaaS companies protect at least 12 million websites, adding approximately 20,000 new customers every day. These numbers are getting drastically higher and already occupy around 20% of Global Internet Traffic.

As opposed to the primary idea of Public Key Infrastructure, SECaaS had something different in core concept.

- Ensure you can't reach the origin server directly. Protecting the owner, not the user.
- Ensure encryption takes place at the edge of such service or In other words, re-encryption, a legit "Man in the middle", so you don't need to become a cryptography expert to follow up with Search Engine initiative as website owner.

With all the hats off to Initiative and attempts to make the web a more secure and private place for end users, however, modern Internet ended up with a few fundamental problems.

- Inability to validate the origin server is what is supposed to be.
- Inability to prevent theoretical man in the middle interceptions, putting SECaaS into a privileged position to sniff traffic and execute an attack.

Essentially the whole concept of cryptography got broken the very same moment millions of keys are held at the very same place that also transits the traffic, encrypted using the very same keys.

Does that mean interception of traffic no longer can be executed by a "guy next door", your ISP, or a suspicious car parked across the street, yes! However, single email request for your data towards SECaaS providers theoretically can result in obtaining full set of data no matter where you are in the world - warns Certic in recent blog post published on his Information Security Consulting firm - https://www.certic.info

This press release was issued through 24-7PressRelease.com. For further information, visit http://www.24-7pressrelease.com.

View original content:https://www.prnewswire.com/news-releases/initiative-to-make-the-internet-private-and-secure-potentially-gone-wrong-301336689.html

SOURCE Stefan Certic



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Cybint partners with CyberOps Training Academy to foster Texan cybersecurity talent | Sep 20, 2021
Nav Cognician Launches New Information Security Activation Program | Sep 20, 2021
Nav EarthLink Expands Customer Service Division with New U.S. Call Center | Sep 20, 2021
Nav Digital Medicine Society's Playbook Initiative Publishes Review of Digital Clinical Measures Research in JMIR | Sep 20, 2021
Nav Apcela Enables Enhanced Encryption for AWS GovCloud, Azure Government | Sep 20, 2021
Nav CUJO AI Protects 40 Million Households, Creates New Revenue Streams for Network Operators | Sep 20, 2021
Nav 8 Tips That Can Help Drivers Pay Affordable On Car Insurance Premiums | Sep 20, 2021
Nav iboss Named Security Cloud/SaaS Company of the Year by GlobeeĀ® Awards | Sep 20, 2021
Nav In Tether Hack, US$3.1 Million Worth of Cryptocurrency Stolen from Taiwanese Antique Dealer | Sep 10, 2021
Nav Global Homeland Security Market (2021 to 2026) - Industry Trends, Share, Size, Growth, Opportunity and Forecasts | Sep 10, 2021
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News