Author

Topic: [INFO] Website Security Protocols (Read 132 times)

legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
June 04, 2021, 08:50:55 PM
#5
SSL vs. TLS - What are differences of two certificates?

Those certificates can not completely protect website users if they carelessly have bad web surfing habit. It's very similar to exchanges, a big exchange with top-notch audits, security systems can be better but customers have to maintain their healthy habit, and make self-protection.

Don't totally rely on certificates or protection from third-party solutions.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
June 04, 2021, 06:05:56 PM
#4
User-targeted attacks are rarely so sophisticated, many people are fools to be deceived in simple ways, so following some simple steps will make it difficult to get hacked.
Ensuring a padlock will not make you 100% safe. Encryption means it is hard for the third part to read any your password but the site can read it and hacker may read it if your OS have some backdoors.

This is why it is important that websites/services use SSL services from well-accredited security companies. This will bring greater security to the service, as it ensures that site-customer communications are permanently monitored, with the aim of preventing attacks.

Unfortunately it will never be 100% secure, but it will certainly eliminate the vast majority of attacks.
legendary
Activity: 2702
Merit: 4002
June 04, 2021, 03:10:28 PM
#3
User-targeted attacks are rarely so sophisticated, many people are fools to be deceived in simple ways, so following some simple steps will make it difficult to get hacked.
Ensuring a padlock will not make you 100% safe. Encryption means it is hard for the third part to read any your password but the site can read it and hacker may read it if your OS have some backdoors.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
June 04, 2021, 12:39:55 PM
#2
An example
Take, for example, one of the oldest cryptocurrency exchange services on the market: Coinbase.


Padlock at the top and https at the address.

These are very basic security procedures to avoid getting scammed. There are many phising websites which will try to get your login/password with fake websites

Especially if you are going to insert login information, such as passwords or connect a meta mask wallet, you should be extra careful about this.

Always check "View Site Information" and certification buttons, as you showed up here.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
June 03, 2021, 12:37:48 PM
#1
The security and protection of the computer, tablet and smartphone is increasingly important, as it is in these devices where we keep our personal data and perform various delicate tasks, such as online purchases/payments, accessing a bank account or moving Bitcoins. By the way, with Bitcoin and all the technology involved, we can be our own bank.


Why is security important?
First of all, it involves our money, and nobody wants to be robbed.

Traditional banks and financial systems, 24 hours/7 days a week, people and security platforms, urgently monitor their systems, to combat the attacks they may face. Consulting firm Deloitte estimates that financial institutions spend an average of 0.3% of revenue and 10% of their annual IT budget on cybersecurity. But according to Carnegie’s Cyber Policy Initiative timeline, over the past 13 years there have been more than 200 notable attacks. This shows that despite all this investment, insiders continue to occur where millions of dollars are stolen.

In view of this scenario, exchanges, cloud wallets and services related to cryptocurrencies are extremely important, as well as online stores, payment services, email services, bank sites or other sites, where confidential personal information is introduced, must use protocols for security to prevent attacks.


What security protocols are these?
Since attacking financial systems, traditional or digital (including cryptocurrency), directly is more complex, difficult and with a lower success rate. Attackers prefer to attack the end user and/or the connections made between the client-system.

Therefore, the Secure Sockets Layer - SSL security protocol is commonly used. Basically this protocol serves to protect the data between the user and the website/service. The protocol creates an encrypted tunnel between the computer and the server, making it difficult to steal information that passes through that tunnel. This allows payment data (for example) to be more secure against theft or manipulation by third parties.


How to know if a website/service uses these protocols?
These protocols are activated automatically, whenever a site/service has it, they do not need user intervention. Different internet browsers mark websites that use security protocols with a "lock" next to the website address or at the bottom of the window. By clicking on this "lock" you will be able to obtain information about the protocol being used. Also, for sites that use security protocols, the beginning of the address is written by "https://".

Sites that use SSL also have security certificates, which allows you to prove that the URL (address) you are accessing is really from the company/service, this helps to understand if the site we are accessing really belongs to who it claims to be. An invalid certificate may indicate that the website is not genuine or that your internet connection may be corrupt. These certificates are purchased from independent companies dedicated to computer security, and have an expiration date. In order to have this certificate, normally the website must have SSL.

There are several companies that offer this type of certificate, the best known being:
Comodo SSL | DigiCert | GeoTrust | Thawte

The certificates of these companies are paid, and usually those recommended for sites/services that involve money movements. For simpler sites, free certificates can be used, which also have a good layer of security, with the ones from the Let's Encrypt.


An example
Take, for example, one of the oldest cryptocurrency exchange services on the market: Coinbase.


Padlock at the top and https at the address.


By clicking on the padlock, information about the protocols and certificates used appears.


Clicking on "Certificate" will open a window with more details.


Are all sites that don't use this type of protocol insecure?
Not exactly. As mentioned, not all sites/services ask for sensitive information. If a website that does not use this type of protocols or certificates does not request confidential information from the visitor, it is not a problem. Even so, I recommend using the free certificates, which always provide an extra grain of security.

On the other hand, sites where you can make payments, make online purchases, bank sites or services linked to cryptocurrencies, should use security protocols and certificates from independent companies that provide high levels of security, to ensure greater security in the exchange of information between the user.


Summary
When visiting a website, where you have to enter sensitive information, such as credit card numbers, access credentials to bank websites or other payment systems, you must make sure that these security requirements are met, otherwise it is recommended not to do so. these tasks for security reasons.

Always keep in mind that these security protocols only serve to protect the communication between you and the website/service. Therefore, try to keep your PC safe and secure, with responsible internet browsing.
Jump to: