litheon

Discussion on all things college and technology.

MajorNelson.com, now with SSL

When logging into majornelson.com (or litheon.com) you might notice that you are redirected to the secure page. Although we generally wouldn't purchase SSL certificates for our sites, especially the wildcard certificate for majornelson.com, DigiCert made a very generous offer to quite a few Microsoft MVPs and as such Major and myself now have SSL. So thanks to them you can now rest assured that nobody will be harvesting your login credentials.

I must say DigiCert has a very user-friendly experience, even for somebody, like myself, who has never gone through the process of creating or requesting a certificate before. If you're ever looking for a wildcard certificate or a certificate with a few subject alternative names (domains it's valid for) you should definitely check them out. They have a very friendly, responsive, and incredibly fast staff (even at 3 AM).

In case you're curious, SSL works by using asymmetric cryptography to obscure data sent between the client and the server. In the process, the client requesting information from the server receives a public key from the server, with which it can generate its own private key and then encrypt it before sending it back to the server. After this, both parties will be able to encrypt and decrypt data sent between them, so they can be reasonably sure that no untrusted third party could be maliciously intercepting their communications. This key exchange is generally where the protocol is most vulnerable, because the client could potentially be given a bogus certificate by any entity performing a man-in-the-middle attack, which would allow them to retrieve encrypted data sent to them, decrypt it, and then send it off again to the server as encrypted. However, it is very easy to combat this by paying attention to any sort of certificate errors you may receive during browsing. If you ever receive a certificate error when visiting a site you trust (and have visited it securely), it's usually accurate to assume somebody is trying to intercept your communications.

In other words, if you ever receive a certificate error when visiting litheon.com, majornelson.com, or any other website for that matter, don't ever input any sort of information that you would not trust in the hands of a third party. Also, if you ever have any issues in regards to security with either site, feel free to send me an email.
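One source of the certificate errors described above is a name mismatch between the site you asked for and the names listed in the certificate. The following is an added example, not code from this site or from DigiCert, showing a simplified version of that check for a wildcard certificate with subject alternative names; the function names and the SAN list are assumptions constructed for illustration, and real clients also validate the chain of trust and the expiry date.

```python
from typing import Iterable, Optional

# Constructed SAN list for illustration; not read from the real certificate.
EXAMPLE_SANS = ["*.majornelson.com", "majornelson.com"]


def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    # Wildcards are only honoured in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Refuse overly broad names such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        # Simplification: partial wildcards like "w*" are rejected outright.
        return False
    return p == h


def matching_san(host: str, sans: Iterable[str]) -> Optional[str]:
    """Return the SAN entry that covers host, or None (a certificate error)."""
    for name in sans:
        if name_matches(name, host):
            return name
    return None


if __name__ == "__main__":
    for candidate in ("www.majornelson.com", "majornelson.com",
                      "a.b.majornelson.com", "majornelson.com.attacker.example"):
        result = matching_san(candidate, EXAMPLE_SANS)
        print(f"{candidate:35} -> {result or 'CERTIFICATE ERROR: name mismatch'}")
```
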

Comments

ushman360 said:

Wow! Looks like both sites are going in the right direction. Is the main problem now with online security the user/customer service operators? I say that because of what happened with that guy who had the Halo recon armor account taken. Do you have any advice on how to protect your account better?

# January 9, 2008 11:48 AM

duzzyman said:

I've always found network cryptography interesting. When I get into my senior year of HS I'm taking a college class that at the end is a test for MSCE network administration so maybe that's why. History has a special on about public/private key encryption and specifically the terrorist who was found using pretty good protection (public/private key encryption software). Good watch. You'd probably like it lith.

# February 20, 2008 11:44 AM