Ever noticed the “https:” in the URL on your address bar and the small padlock which docks itself nicely at the bottom of your window? Well, if the answer is “Yes”, you were checking a website which has the SSL transmission protocol implemented.

Earlier, we were all apprehensive in making an online payment because we all knew that there are people who call themselves “hackers” who like to live with our money. Then came in a period where in which the whole Internet community constituting all the good people researched on numerous ways to keep those “hackers” at bay. After a lot of painstaking and less fruitful attempts by Netscape as well as a handful of consortiums came the Secure Sockets Layer in the January of 1999.

SSL is a data security protocol and is implemented on websites dealing with sensitive information like an online bank account or an online payment system. The protocol helps millions of users of Internet each day send sensitive information safe and secure from the hands of those prying hackers who hack your bank account number or credit card information and their respective passwords or PINs.

SSL uses certificate authorities to send information over the Internet. When a user requests for a secure website, the browser requests for the secure page and adds the “s” onto the “http”. After that, the browser sends the public key and the certificate checking the following:

  1. Whether the certificate is from a trusted party.
  2. Whether the certificate is valid.
  3. Whether the certificate is related with the site from which it comes.

The browser then uses the public key to encrypt a randomly selected symmetric key. Most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.

All that technical, yet useful process that the SSL cryptographic protocol does helps us a lot in keeping us safe over the Internet. Now, with the SSL implementation, web browsing, e-mail, online payment, online data transfer and even online banking can happen with the safety from those above said hackers.

Explore More

SQL Commandos (usefull for injections)

Here is a list of SQL commands and what they do, these would be used in some injection methods and of course legitimate sql functions. On thier own they wont

Read More

SQLi vulnerabiltiy in irrawaddy store owned by Irrawaddy Publishing Group.

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group. These are some information from Vulneral Site http://www.irrawaddystore.com :

Read More

Details on Sarah Pailn’s email break-in

More details on how the hacker managed to break in VP candidate Sarah Palin emerged. The hacker who calls himself “rubico” posted on a blog on the methods he used

Read More