
In simple terms, SSL (Secure Sockets Layer) is the protocol used to establish a secure, encrypted connection over the web. A certificate is used by a website to identify itself to the end user's browser. A CA is a Certification Authority. Any certificate encoded by and provided by a trusted CA (such as VeriSign) is assumed by the web browser to be authentic and proves to the browser that the website is who it claims to be (i.e., Bank of America's website is actually legit and not trying to steal your info). If hackers break the encoding algorithm of the legitimate CAs, they can create fake certificates that will be accepted by web browsers, making it more difficult for an end user to detect a phishing website because they will get no certificate warning.

For example, the hackers could create a fake Bank of America website that looks just like the real thing, but call it www.boa.com and give it a certificate that claims to verify the site is owned by Bank of America and verified by VeriSign. They could then send out a mass spam email campaign that looks like emails from Bank of America saying 'Check out our new website' and pointing to the fake site. Browsers would not warn the end users that the site may be fake, because the certificate would look just like a legitimate one. Unsuspecting people would then enter their account info, and the hackers would have access to countless bank accounts.