Salon.com Technology | Are those servers really safe?

Search About Salon Table Talk Newsletters Advertise in Salon Investor Relations


	Search All of Salon.com Only Technology The Web with Directory Hot Topics Ask the Pilot The Matrix Computer Games Globalization Joyce McGreevy Articles by date All of Salon.com



	Arts & Entertainment - The Movie Page Books Business Comics Health Mothers Who Think News People Politics Sex Technology - Free Software Project Letters Columnists Table Talk Salon Plus Salon Shop Salon Radio



	Table Talk [Freewheeling Salon forums] Have you upgraded to the new iPhone? What's the peeve you're petting today? Posts of the week The Well [Pioneering members-only discussions] How can we best care for our parents as they age? Sound Off E-mail Salon Send us a Letter to the Editor Today's letters


	Downloads Get Salon.com on your PDA Salon.com headlines from My Netscape More ways to get Salon

Are those servers really safe?
A study finds that one-third of so-called secure Web sites are actually "dangerously" vulnerable.

- - - - - - - - - - - -
By Katharine Mieszkowski

Aug. 8, 2000 | Here's just the bit of news that the beleaguered "e-tailing" sector didn't need right now.

A new study says credit card numbers and passwords stored on many "secure" Web servers are vulnerable to hacking.

Print story

E-mail story

Backflip this story to find it again

Eric Murray, an independent security consultant and cryptology expert, tested a random sample of 8,081 secure Web servers and found that 32 percent of them are "dangerously weak." "When you do a secure transaction on the Net, there's a good chance that it's not all that secure," says Murray, noting that many sites offer only a "kid sister" level of security for transactions, as in a "keeping your kid sister out of your diary" level of security.

The study set out to test servers using the secure-socket-layer protocol, which is used by many sites that conduct credit card transactions and maintain customer passwords, such as online retailers, banks, bill-paying services and brokerages.

The sites with weak security support only what Murray calls the flawed and now outdated SSL v2 protocol, use too small encryption key sizes (primarily because of old U.S. export control limitations that are no longer in force) or have "self-signed" or expired certificates -- which may mislead users as to how secure a site really is.

In other words, now that we've all gotten used to thinking nothing of giving our credit card to a site to buy something, we may have new reason to worry.

salon.com | Aug. 8, 2000

- - - - - - - - - - - -

About the writer
Katharine Mieszkowski is a senior writer for Salon Technology.

Sound Off
Send us a Letter to the Editor

Salon.com >> Technology

	Don't get sunburned! Cover up with a Salon T-shirt this summer. More great offers in Salon Plus






	Current Stories Is the Airbus a lemon? Two Airbus crashes in two months: Should we worry? Plus: Welcome to the Six Continent Club! By Patrick Smith Some stories just won't fly I'd love to move on from the Air France crash, but the media insist on getting things wrong again By Patrick Smith When a pilot dies mid-flight Are passengers at risk? Plus: Plenty of flotsam and jetsam, but no real answers in Air France crash By Patrick Smith Flight 447's perfect storm The media loves the "wrong speed" theory, but a lightning strike and electrical failure are more likely culprits. By Patrick Smith

macromedia.com
Visit our site to learn more about our vision of what the Web can be.