Secure Servers and SSL
The Internet definition of secure server is a server which provides
secure connections. Secure servers are most often used to conduct
electronic commerce via the Internet. Secure servers are not
however, secure by definition.
Secure server is a misnomer which has been used by the creators and
vendors of specialized encryption technology called SSL -- a
multi-million dollar per year industry. Verisign, one of the largest
purveyors of SSL technology, was worth
over $2B as of March, 2002.
All secure server truly means is that your data connection to and from
the server is encrypted. This in-transit protection is actually the
least important place to have your data secured. It is more important
for it to be secure on your computer, and on the computer systems of
the remote servers you are using. Willy Sutton robbed banks "Because that's
where the money is". Modern-day thieves go after the big catches
too, stealing thousands, or even millions of credit cards and
identities at once. The buying public has been duped.
What Does A Secure Server Protect?
A Secure Server only protects data while it is in transit between your
PC and the web server you are connected to.
Contrary to popular belief, a secure server protects very little.
Secure servers use a type of public key encryption technology called
RSA. This encryption technology allows any pages displayed by the
server to be encrypted from the time they leave the web server until
they reach your web browser. It also allows any information you are
providing to the web site to be encrypted from the time it leaves your
PC until it arrives at the remote server. All popular web browsers
have SSL encryption/decryption capabilities, and indicate the use of
encryption through the use of a lock icon.
What Does A Secure Server Not Protect?
Secure servers do not protect any of your personal information. Sure,
your personal information will be encrypted while it is in transit,
but nothing is done to protect your information once it is received by
the secure server.
Your biggest exposure to theft is on the remote computer system.
Millions of people's credit
cards and personal
identities have been stolen from secure servers. What matters
more than having a vendor having secure server is that vendor having
strong security guarding against break-ins and mis-use of all of its
servers. Unfortunately it is rare for even the biggest companies to
have tight server security.
What To Do
The bottom-line? Secure servers aren't secure. It's still buyer