Jersey City, NJ (PressExposure) September 01, 2009 -- In order to make the business of exchanging information on the Internet as clear as possible, even among different platforms and languages, software developers have designed a clear standard of communication. That standard is called the Hyper Text Transfer Protocol (HTTP).
The disadvantage of such a clear protocol is that anyone who intercepts an online transaction can easily read it unless it has been altered. The computers exchanging the information can agree upon a method to disguise it. The text can be changed using a process called encryption. When computers exchange encrypted text, the protocol is called HyperText Transfer Protocol Secure (HTTPS).
The two computers agree to transpose the message into an unintelligible "hash" of characters. For example, instead of plain characters, encrypted text looks like this:
3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001
HTTPS uses a document called a "digital certificate" to create the hash file. Only the owner of the private key associated with the digital certificate can read or understand the encrypted communication.
Most popular Internet browsers acknowledge SSL communications by displaying a small yellow padlock appears in their bottom right-hand corners.
Recently hackers have discovered that they could buy SSL certificates online, without their trustworthiness being checked. The only verification is a series of email challenges that determine whether the applicant has some access to the domain name listed in the purchased certificate. If a hacker passes the email test (even if he or she is not the legitimate owner of the domain), he or she receives a "domain-validated" SSL certificate, enabling the browser to display the golden padlock.
Many Internet users believe that the padlock signals that their online communications are safe. Although the hacker is using encryption, these low level certificates do not give any guarantee that a user is communicating with the right company. Their information may be securely transferred straight into the hands of a thief.
Checking a website's certificate is a good practice that helps netizens avoid spoof websites, sometimes called "phishing" sites. To check the certificate, click on the padlock. The browser will display the name of the owner of the certificate. This name should match the name of the website operator.
Companies requiring digital certificates have a better alternative for online communications: Extended Validation (EV) SSL certificates. To receive EV SSL certificates, online businesses must be verified as to their business identity and their existence. A business must be verified by a certificate authority, both that it is an existing business and that it has exclusive control over the domain.
When Internet users access a website using an EV SSL Certificate, they receive a special confirmation. All popular browsers turn their address bars bright green as an indicator that the business has passed the more complex validation process, adding a visual reassurance that this online transaction is with a confirmed entity.
Seeing a site with an EV SSL Certificate confirms two essential factors:
* That the user has a secure SSL (encrypted) link with this website * That this website represents a real organization
Comodo is a leading brand in Internet security, covering an extensive range of security software and services, including digital certificates, PCI scanning, desktop security, online faxing, and computer technical support services.
Businesses and consumers worldwide recognize Comodo as standing for security and trust. Comodo products secure and authentic online transactions for over 200,000 business and have more than 18,000,000 installations of Comodo desktop security software, including an award-winning firewall and antivirus software offered at no charge.
The Comodo family of companies is committed to continual innovation, core competencies in PKI, authentication, and malware detection and prevention. As a catalyst in eliminating online crime, the companies' mission is to establish a Trusted Internet.
With US headquarters overlooking Manhattan on New Jersey's waterfront, and global resources in United Kingdom, China, India, Ukraine, and Romania, Comodo products offer intelligent security, authentication, and assurance.
Comodo -- Creating Trust OnlineÂ®. For more information, visit Comodo's website.
For more information, reporters and analysts may contact: Comodo Group, Inc Newport Tower 525 Washington Blvd., Suite 1400 Jersey City, NJ 07310 Email: firstname.lastname@example.org +1 (201) 963 0004 x4073