How safe are HTTPS connections? Not as safe as you think.

How safe are HTTPS connections? Not as safe as you think.

How safe are HTTPS connections? Not as safe as you think. 1024 403 maxon1212

One of the pillars of internet security has fallen, and until it’s universally fixed, hackers will have the upper hand.

When making an online purchase, any reputable website will require a secure HTTPS connection before requesting payment information and completing the transaction.  HTTPS is the ubiquitous method used by browsers and websites to securely exchange sensitive data.  Its underlying encryption has historically been provided by SSL, which is a familiar term to many Internet users.  SSL uses digital certificates and strong encryption to create a secure tunnel between a web browser and web server.  For online purchases, it allows you to safely enter your account details, provide your credit card payment information and complete the transaction.

Unfortunately, weaknesses have been discovered in SSL encryption. Hackers have used these exploits to break through its security projection.  So that sensitive data you exchanged over an HTTPS connection may not be as protected as you think.  Fortunately, HTTPS can use additional encryptions algorithms that don’t have the weaknesses uncovered in SSL.  Specifically, the TLS or Transport Layer Security algorithm can be used, and it’s already supported by a wide range of web browsers and websites.

But which web sites support TLS, and better yet, which ones have disabled SSL altogether so that only more secure TLS algorithms can be used?  Unfortunately, without running complicated third-party cryptography tools, it’s almost impossible to tell.

In many ways, you place your trust in those vendors that you do business with.  DataMotion specializes in data security and compliance with privacy regulations.  Being a trusted supplier to thousands of organizations over the past 16 years, we do not take that trust lightly.  As part of our continuous security operations, we stay informed of emerging threats like the SSL vulnerability and apply immediate corrective action.  While the security changes occurs behind the scenes, invisible to our users, the relationships we form with our customers are visible in everything that we do.