SecurityRatty: Web Site: Security and Trust

This is cache of http://ravichar.blogharbor.com/blog/_archives/2007/1/18/2662287.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.

Web Site: Security and Trust

2007-01-18 07:10:00 by RaviC in Musings on Information Security

Many of us have this notion that a web site that is accessible securely through https can be trusted. This is not true. Not all the sites that use https can be trusted. Nothing can stop fraudsters from setting up a https web site. Though https offers security it does not offer trust. Trust is a choice that the user has to make consciously. Here are some tips that help you to decide whether you can trust a web site by look at the https certificate.

On your web broswer, browse to the https URL that you want to verify the trust, example https://www.amazon.com

Click on the lock icon on the lower right handside on the status bar of your web browser. This will open up a dialog box which gives “Certificate Information”.

3. Inspect the “Issued to:” field; ensure that it has the name of the organization that this web site belongs to and that you choose to trust.

4. Inspect the “Issued by:” field; ensure that it has the name of the Certificate Authority that you choose to trust. Certificate Authority is a trusted third party that issued the certificate to this organization.

5. Inspect the “Valid from: to” field; ensure that the certificate is not expired.

If you trust the organization, trust the certificate authority and if the certificate is not expired you can choose to trust the https web site. If it does not meet any of the above mentioned criteria do not trust the web site and avoid transacting with a web site that you do not trust.