Secure Web

 

 

[Home]

[Up]

 

Buying On-line / confidential information !?

If you are going to do any on-line shopping (or anything that requires confidentiality) one important thing you should consider is making sure that your transaction is secured.

How do you know
if a web page or web form is secured?

Whenever entering / viewing sensitive personal information (such as checking account or credit card numbers) at any website, make sure that the website encrypts the information you send to, and receive from, the site. Whenever sensitive information is involved, always check if the web form / page you are using has SSL encryption type of security in two ways:

Check to make sure the URL begins with "https" rather than "http" whenever sensitive information is involved:

Look for a lock icon on the bottom left or bottom right of your browser:

Security Certificates:

When accessing a secured web page / form you can (with most browsers) check the security certificate (Site ID) by selecting the security icon. The security certificate is the site identification (who they are) that is providing the secure connection.

Certificate Warnings:
When visiting a secured web you may encounter a message similar to this 'Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate'.

  1. The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

    This DOSE NOT mean that this site is not secure or that the site is untrustworthy, it just means that they used their own site certificate and not a third party certificate that have automatic 'trusted' acceptance which sometimes cost the site owner lots of money to get. As long as there is a padlock and the URL has the 'HTTPS' in the front, the connection to the site is secured. Again you can always take a look at the certificate, if you trust the company / site that you are interacting with and know that they are who they say they are then accept the certificate and proceed with the transaction (use own judgment). Most browsers are installed with a list of ROOT (authoritative) certificates to automatically accept. Install/add the certificate to your trusted list only if you trust that they are who they say they are. Once the certificate is installed you should not to see this warning in the future.
     
  2. The security certificate date is invalid.

    Authoritative certificates have an expiry to force the entity using it to re-register the certificate on a regular bases. This keeps records up-to-date (and makes money for the authoritative third party).
     
  3. The name on the security certificate is invalid or does not match the name of the site.
     
    This one is the message you should really pay attention to. This means that the certificate does not belong to the web site URL that it is being used for. It could be just a mistake by the webmaster using the wrong URL, however the purpose of the the security certificate is to allow you a means to verify that you are interacting with the document/ system/ web/ company you intend to interact with.
    4.

 

 

 [Welcome] [Services] [Hosting] [Protection] [News] [Forum] [Other]