The unseen risk in a “secure” website is that we have to put our trust in the browser. The browser considers a site trustworthy solely on the basis of an SSL certificate issued by a third party, which in turn is assumed to be trusted by the browser. The ironic part is that SSL certificates can simply be bought online. So how safe are “secure” websites anyway?
A loophole is present in WebTrust auditing too. Certificate Authorities take up WebTrust auditing only because it is a Microsoft requirement. Microsoft imposes it because it wants to incorporate the organizations' root certificates in Windows or IE. WebTrust compliance therefore does not correspond to any standard for the applying organizations. Nothing about the quality of authentication provided by the organization is verified. Thus, WebTrust compliance does not provide any useful comparison between Certificate Authorities.
Next, most sites flaunting a yellow padlock have secure transmission, but only from their server to the client’s browser and not the other way. This makes the security meaningless, because the data we send to authenticate ourselves (e.g. password, credit card number, etc.) is what needed securing. Thus, a “secure” website does not guarantee secure data transmission from the client’s browser.
Thus, we need to reconsider: are the sites we consider to be secure really secure?