Sunday, April 22, 2012

Testing Times Ahead For Online Security?

A little while back a group of Germans known as "The Hackers Choice" released a piece of software that "specifically targets deficiencies within SSL". In light of the many groups currently who assume to be our cyber-saviours, I'm a little skeptical. Whilst I fully agree with the principal that on the whole we should be able to rely on any given security standard to keep our most prized data safe, recent events have shown anything other but this (SSL Cracked).  I really don't think they're going to reach the masses. I mean, how many people actually know what SSL stands for anyway? As long as it doesn't hamper their online shopping, facebook/twitter oriented existence they just don't care.

As with plenty of other technologies that have gone by the wayside, at their peak they were the best thing since sliced bread; vhs, walkmans, CRTs... you get my drift.
Is it perhaps time we added some of our dated encryption methods to that pile of bygones too?

You only have to look at the history of various encryption algorithms, developed as far back as the late 80's or early 90's (RC4, AES). Half of us don't own cars that old (well, I may be an exception to that one!) so why are we trusting clearly out-dated encryption standards? Perhaps Convergence is the new generation of security we really need. 


I realise that not just anyone can open up their system and set about wiring half of the UK's GDP to their offshore account in under thirty minutes. However, the fact that weaknesses (many) have been highlighted is enough for me to question the viability of things like online banking, do I really need it? The answer to that is no, I don't need it, but I want it all the same it's a convenience. That's what everything is built upon, convenience. With a little security thrown in for good measure. Well maybe I want a lot of security, after all I'm using your website to buy goods with my credit card, I'd like to be able to rely on you when you say it's secure.....



No comments:

Post a Comment