In December 2015, Let's Encrypt began offering free SSL certificates through its beta program. Soon after the service went live, it was noted that these certificates do not in fact provide full credibility.
When a site has a certificate, the browser shows the HTTPS prefix, which indicates that a secure connection to the website has been established. The certificate then ensures that all transactions are confidential, which makes the site safe for companies operating in e-commerce.
Is it worth trusting?
Businesses know that an SSL certificate from a trusted seller costs from $10 to $200. The price depends on what type of protection the certificate provides and what it actually covers. The costs can be further increased, because site owners are looking for the lowest available offer. However, there are also those who choose the free option, which is not always trusted.
Trend Micro has proved that free certificates are also a tasty morsel for hackers. It is all about distributing malware through a gap on the site. The attackers break into a site using the free certificate and get access to the system without the user's knowledge. The technique they use is called "Domain Shadowing": it allows them to create malicious subdomains on trusted sites. Hackers impersonate a real website and use it to serve ads with malicious software. The owners are not aware of the attack.
Business services should pay special attention to such attacks because of the risk of users' data being stolen.
Trend Micro investigated the case further and has already sent an official request to the site that provides the free certificates.
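One defensive check against the domain shadowing described above, as an added example that is not from the original article or from Trend Micro: it compares hostnames found in certificate-issuance records with the owner's own subdomain inventory and lists the ones nobody on the team requested. The record layout, field names, zone and CA names are constructed for illustration.

```python
"""Flag certificate hostnames that are missing from the owner's subdomain inventory."""
from collections import defaultdict

ZONE = "shop.example"  # constructed zone owned by the defender
# Names the owner knowingly requested certificates for (constructed inventory).
INVENTORY = {"shop.example", "www.shop.example", "*.shop.example"}

# Constructed certificate-issuance records; the field names are hypothetical.
SAMPLE_RECORDS = [
    {"names": "www.shop.example", "issuer": "Paid CA (constructed)", "not_before": "2015-11-02"},
    {"names": "*.shop.example\nshop.example", "issuer": "Paid CA (constructed)", "not_before": "2015-11-02"},
    {"names": "ad.promo.Shop.Example.", "issuer": "Free CA (constructed)", "not_before": "2015-12-21"},
    {"names": "cdn7.shop.example", "issuer": "Free CA (constructed)", "not_before": "2015-12-22"},
    {"names": "shop.example.other.test", "issuer": "Free CA (constructed)", "not_before": "2015-12-23"},
    {"names": "notshop.example", "issuer": "Free CA (constructed)", "not_before": "2015-12-23"},
]


def normalize(name):
    """Lower-case a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().lower().rstrip(".")


def in_zone(name, zone):
    """True only for the zone itself or a subdomain matched on a label boundary."""
    return name == zone or name.endswith("." + zone)


def find_unexpected(records, zone, inventory):
    """Return {hostname: [(issuer, not_before), ...]} for in-zone names not in inventory."""
    zone = normalize(zone)
    known = {normalize(n) for n in inventory}
    findings = defaultdict(list)
    for rec in records:
        # One certificate can list several names, one per line.
        for raw in rec["names"].splitlines():
            name = normalize(raw)
            if name and in_zone(name, zone) and name not in known:
                findings[name].append((rec["issuer"], rec["not_before"]))
    return dict(findings)


if __name__ == "__main__":
    for host, certs in sorted(find_unexpected(SAMPLE_RECORDS, ZONE, INVENTORY).items()):
        for issuer, date in certs:
            print(f"REVIEW {host}  issued {date} by {issuer}")
```

Each flagged hostname is a subdomain that has a certificate but no entry in the inventory, which is the point at which the owner should check the DNS records and the account that controls them.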
To avoid such situations, you should always use the services of trusted sellers. Data security is the most important thing. See the full range of proven certificates from trustworthy vendors on our site.