¿whyporqué?

We're gonna blog like it's 1999.

Bottom Line: episode I - Them Certificates Be Sweatin Me

on October 16th, 2011
Bottom line: if you’re shopping online and you got to the page where you’re supposed to enter your credit card information, make sure you don’t see any of these:

if you do, run like all hell. You’re sailing in shifty waters.
(Click below to read the top line)

Ever ran into this?

Or this?

You must have seen this…

And then you just disregarded, clicked on ‘I understand the risks’, ‘Add security exception’, or applied any other of the equivalent subconscious quick-riddance schemes to get on with whatever you had intended to do in the first place.

But fear not! I’m not here to be sweatin you about these habits of yours. I’m here to tell you that it’s often harmless to do this, but more importantly, I’ll give you a clue on when you should reregard these warnings.

A Few Things you Should Know About Certificates
- you can think of certificates as documents which guarantee that you are indeed on the website your address bar shows (no impostors) and your connection is secure (no eavesdroppers).
- certificates are a big deal, they are issued by special entities called Certificate Authorities which are either government institutions or licensed commercial certificate authorities, which in turn undergo rigorous annual security audits.
- your browser and operating system (Windows, MacOS, Unix) contain certificates from all the trusted CAs, based on which they can identify whether the site’s certificate was issued by one of the good guys
- anyone can make a certificate, but this is exactly what those error messages are telling you. “This guy, sure he has a certificate, but he made it himself and none of the big guys checked him out yet, so you have no guarantee that what you do here is kept secret.”
Now Back to the Good Part
It’s mostly up to you to decide what should be kept secret and what doesn’t have to be. The piece of advice I can give you on the topic is when you definitely should insist on a trusted certificate - when you’re handling payment or sending any kind of data that could lead to information about payment, e.g. your e-mail account password where you have your paypal account password.

Bottom line: if you’re shopping online and you got to the page where you’re supposed to enter your credit card information, make sure you don’t see any of these:

if you do, run like all hell. You’re sailing in shifty waters.

by zoltanmaric
1. whyporqueblog posted this