Online SSL News

Welcome to Carl’s Corner

5 votes, average: 3.40 out of 55 votes, average: 3.40 out of 55 votes, average: 3.40 out of 55 votes, average: 3.40 out of 55 votes, average: 3.40 out of 5 (5 votes, average: 3.40 out of 5, rated)

I’ve taken over the RSO blog, shh… they don’t know yet. [Editor’s Note: We know]

Can you keep a secret? I noticed nobody was using this blog so I’m taking it over. Yep, consider this my first corporate takeover. Kind of.

Anyway, RSO – which is the shorthand I use for – isn’t really doing much but posting poorly written SEO articles on here so I figured we could touch it up a bit and I’ll start ranting posting missives a couple times a week.

Oh, I guess I should introduce myself. I’m Carl. I was born in the depression era and spent my early adulthood as a farm hand in California. I was lonely, save my good friend Lennie, a large, simple man who had no concept of his size or strength. One day, he accidentally broke a woman’s neck and I had to put him down myself, lest a mob get him. You know what they say, even the best laid plans of mice and men often go awry. [Editor’s Note: None of this is true]

Anyway, after that I moved East, had a family, bought a computer and now here I am today. I won’t lie, it’s complicated being the only cartoon in the office. There’s a lot of things you wouldn’t anticipate that end up being a problem. For instance, if I run anywhere I tend to kick up a cartoonish cloud of dust, which – cartoonish or not – irritates my co-workers. I can also only eat cartoon food, which makes Friday lunches a challenge since not many restaurants have a specialty menu. I can buy a gluten free pizza, but not a cartoon one—and everyone knows cartoon pizza looks way better than real pizza.

I’m getting distracted. My point in taking over this blog is to help you avoid making the same kinds of internet mistakes I make. I get fooled a lot, phished a lot, duped a lot. You know who else gets into a lot of trouble online? Al Gore. And considering him and I created the internet [Editor’s Note: Nope] back in the 90’s, that says a lot about the current state of web security.

I’m an expert in getting into trouble. But I learn… eventually. And I can teach you about web security and how to avoid the same pitfalls I’ve had. So join me as we delve into this crazy thing called the internet. And if you see Al, give him a hug. He’s spent the last ten years rambling on about emissions, which is ironic for anyone who farts in their sleep as much as Mr. Gore does…

Don’t ask me how I know that.

Stay cautious, my friends.

Google HTTPS Update: Blogger Blogspot Now Will Support HTTPS

4 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 5 (4 votes, average: 3.00 out of 5, rated)

“HTTPS” has become a crucial part in the Internet Security since it was adopted as one of Google’s core algorithms in their Search Engine results. Google’s role in the adoption of encryption has not been a minor one at all, often Google has been found to be pushing the boundaries and converting people sooner rather than later. Google has massively adopted the encryption technology for their highly reputable and widely used products such as Search, Gmail, Drive, and many other products. Recently, their ads business model also has been migrated over to HTTPS.

Read More Google HTTPS Update: Blogger Blogspot Now Will Support HTTPS

Internet Security: Google discovers 9,500 new malicious sites daily

4 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 5 (4 votes, average: 3.00 out of 5, rated)

Google Web Security Updates for Malicious Websites

Google published statistics yesterday that revealed 9,500 new malicious websites are discovered every day through its Safe Browsing initiative.

Niels Provos of the Google Security Team said: “These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing. While we flag many sites daily, we strive for high quality and have had only a handful of false positives.”

Not only that, but between 12 and 14 million Google Search queries every day return results that include at least one hacked site, Google says. A full 300,000 downloads per day, meanwhile, get flagged with a warning through Google’s download protection service for Chrome.

“The threat landscape changes rapidly,” Provos said. “Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved.”

‘Sophisticated phishing’
The details behind some of these new statistics are illuminating.

In the realm of phishing, for instance, many attackers continue to emphasise online commerce sites like eBay and PayPal, Provos noted. Their methods, however, are becoming more creative and sophisticated.

Many phishing sites remain online for less than an hour so as to avoid detection, for example; such sites are also becoming more diverse and are increasingly used to distribute malware, he added.

Social engineering on the rise
Focusing on malware, Google’s Safe Browsing effort identifies two kinds: legitimate sites that are hacked on a mass scale to deliver or redirect to malware – often via “drive-by downloads” – and attack sites that are specifically built to distribute malware.

“As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities,” Provos explained.

“Fake Anti-Virus” alerts, for example, masquerade as legitimate security warnings even as they infect the user’s computer with malware.

Socially engineered attacks are not yet as common as drive-by downloads, but they’re “a fast-growing category likely due to improved browser security,” Provos said.

Google Webmaster Tools
Google sends thousands of notifications every day to webmasters and ISPs, and its Safe Browsing effort currently helps to safeguard some 600 million users through built-in protection for Chrome, Firefox, and Safari.

Still, the company urges users to help by taking its warnings seriously when they come across one, and by helping to identify bad sites such as by selecting the check box on the red warning page in Chrome.

Website owners, meanwhile, should register with Google Webmaster Tools, the company says. “Doing so helps us inform you quickly if we find suspicious code on your website at any point,” Provos explained.

For the future, Google’s Safe Browsing team is now working on instantaneous phishing detection and download protection within Chrome; Chrome extension malware scanning; and protection for Android applications.

How to secure Yahoo Mail Web sessions with SSL

4 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 54 votes, average: 3.00 out of 5 (4 votes, average: 3.00 out of 5, rated)

Understand Yahoo Web Mail Security with SSL Certificate

Yahoo Mail now supports SSL encryption for e-mail sessions through a Web browser. Disabled by default, we’ll show you how to enable SSL for enhanced security.



Yahoo Mail for Web joins its mobile apps with support for SSL sessions.
(Credit: Screenshot by Ed Rhee/CNET)

Using SSL encryption with Web-based e-mail services offers enhanced security over snooping, especially when connected over public Wi-Fi networks (think McDonald’s, Starbucks, or the public library).

Gmail blazed the SSL path for Web-based e-mail several years ago and Hotmail followed suit, but Yahoo offered SSL only for logins, not the entire session. If you’re a Yahoo Mail user, you’ll be happy to know that SSL is now supported for the entire e-mail session. Here’s how to turn on SSL for your Yahoo Mail account:

Step 1: Go to gear icon in the upper right-hand corner and select “Mail Options.”



(Credit: Screenshot by Ed Rhee/CNET)

Step 2: At the very bottom of General Mail Options, check the box next to “Turn on SSL.”



(Credit: Screenshot by Ed Rhee/CNET)

Step 3: Immediately after you check the box, you’ll get a pop-up message informing you that a refresh will be required. Click OK to continue.

Step 4: Click the orange Save button at the top of the Options tab.
That’s it. After a refresh, you’ll automatically be taken back to your inbox and you should see “https:” in front of the URL in the address bar of your browser, as well as a lock icon.