Trusted Certificates Questioned (All Browsers Affected)

Image: Graphical artistic rendering of web cryptography

Fiddling with the Security Settings in my Android phone, I found a list of System Trusted Credentials from more than 100 corporations all around the world. The results are a bit unsettling. Inquiry triggered by the Gooligan outbreak!

Starting in the late 1990s, Netscape created a system of SHA-hashed, encrypted server identifiers that allows the browser to verify the validity of the website you are accessing, so that when you type a site's address you can be sure you are directed to a server owned and operated by Wikipedia and not a scam pirate site being run by hackers on a clone server in a dirt ball country like Nigeria.

The Web 

To understand why Trust Credentials (TC's) exist, we must first think about how the web works. The world wide web is a global system of connected computers using the standard IP protocol to connect via telecom networks of all types. Your smartphones, tablets, laptops, desktops, TVs, game consoles, and smart devices of all kinds make use of TC's and related network encryption technology, which became important because of online banking and the security needed when you are shopping on Amazon, eBay or elsewhere online.

TC's To Browse Safely 

Browsers like Chrome on Android phones, Safari on iPhones, and all of your desktop, laptop and tablet browsers connect to the internet and let you search online safely using a list of hash-cryptography trusted certificates called public keys. That way, the servers you access can show your browser that you are accessing the real, genuine server, not a phishing site or some other kind of scam that tries to fool you into thinking you are on the genuine site when in fact you have accessed a fraudulent server designed to steal your information.

The TC Problem 

The problem with TC's boils down to the inability of all of these companies to maintain verified lists of which servers are genuine and which are not. There is no profit for corporations in doing the kind of real, continuous investigations all around the world that would be needed to accurately validate which servers are genuine. Fortunately, ethical companies like Google partner up with internet security firms to create a list of safe TC's to include in the Chrome browser software updates. Keep your browser updated to make browsing online safer! The outdated system of SSL and trust certificates will eventually be replaced by something more secure, especially given that this TC system has been around since 1996!
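To see who you are trusting, you can audit a trust list yourself. The following is an added example, not code from the original post: it groups trusted root certificates by operating organization and country and flags expired entries. It reads the store that Python's `ssl` module sees on the machine it runs on (not the Android list), and the sample entries and organization names are constructed.

```python
import ssl
import time
from collections import Counter

def subject_field(cert, field):
    """Return the first value of `field` from a get_ca_certs()-style subject."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None

def summarize_roots(certs, now):
    """Count trusted roots per organization/country; list expired ones."""
    orgs, countries, expired = Counter(), Counter(), []
    for cert in certs:
        org = (subject_field(cert, "organizationName")
               or subject_field(cert, "commonName") or "<unnamed>")
        orgs[org] += 1
        countries[subject_field(cert, "countryName") or "??"] += 1
        # notAfter uses the fixed "Mon DD HH:MM:SS YYYY GMT" layout.
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append(org)
    return {"roots": len(certs), "organizations": orgs,
            "countries": countries, "expired": expired}

def _entry(org, country, not_after):
    # Helper that builds a constructed entry in the get_ca_certs() dict shape.
    return {"subject": ((("countryName", country),),
                        (("organizationName", org),)),
            "notAfter": not_after}

# Constructed sample data (not real certificate authorities).
SAMPLE = [
    _entry("Example Trust Services", "US", "Jan  1 00:00:00 2040 GMT"),
    _entry("Example Trust Services", "US", "Jun 15 12:00:00 2035 GMT"),
    _entry("Sample Root Authority", "NL", "Dec 31 23:59:59 2015 GMT"),
]

if __name__ == "__main__":
    # get_ca_certs() only lists certificates already loaded into the
    # context; fall back to the constructed sample if none are loaded.
    roots = ssl.create_default_context().get_ca_certs() or SAMPLE
    report = summarize_roots(roots, time.time())
    print(report["roots"], "roots from",
          len(report["organizations"]), "organizations")
    for org, count in report["organizations"].most_common(10):
        print(f"{count:3d}  {org}")
    print("expired:", report["expired"])
```
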

Internet Democratizing Access to Information 

Everyone wants access to the internet because the internet democratizes access to information of all kinds, in all countries, about many topics that are contrary to corporate or government interests. Look at how life insurance prices have decreased since 1996 as an example of how internet access improved customer value in these financial services. Before the internet, someone would have had to do the due diligence of calling each life insurance company to get a quote. Today there are web sites that aggregate the costs of different services so that you can shop and compare quickly, which caused the prices of life insurance to decrease.

Google Flights enables you to compare fares for flights on an interactive map with real time calendar data. You simply pick the locations where you want to fly, then you input the dates, and an interactive map is formed showing you all the possible route options, not just for your flight but for flights to neighboring areas, enabling you to pick the best deals from different times, different airlines and different locations easily using an interactive map :) I just about had a happy geek spazz when I found Google Flights while doing research for our upcoming trip to western Europe, a trip that was unfortunately delayed by another year to 2018. There is a hotels feature integrated in Google Flights that takes this to a whole other level of awesome!

Health Insurance Price Fixing + Diamond Price Scam 

The same democratizing effect of the internet cannot be claimed for health insurance, where prices seem to always climb. The word "affordable" in the Obama Care laws is nothing more than a joke. The diamond industry similarly engages in market control tactics to inflate the cost of diamonds. Diamonds are not as rare as you have been tricked into thinking. Diamond crystals form in underground dry carbon seams under tremendous pressure and heat; diamond is nothing more than a crystal of carbon.

Gooligan Exploit Rare

I started researching TC's and Android phone security settings because of a malware exploit that has infected millions of phones. Your phone was probably not affected. To get the Gooligan malware on a phone, one first had to enable side loading of apps from outside the Google Play store. Secondly, the phone owner then had to load an infected app from a third party website. If both happen, then Gooligan turns the phone into a background download server, creating artificial app rankings on the third party website while also spoofing review scores to make junk, malware-infected apps look like well rated, well reviewed apps to fool people! Because two relatively unusual things had to be done in order for Gooligan to work, more than a billion Android phones exist while only a tiny fraction of less than 1% were affected by the latest malware attack.

TC's OK for Now 

The TC's system is not broken yet; it just has problems that will ultimately push society as a whole into using a more sophisticated internet security system, especially today when online fraud seems to become endlessly more common. Technology is a versatile tool that can be used for good or evil! Imagine what the world would be like if we all worked together for the mutual benefit of everyone!
