Be Smart on the Internet
   > Be Smart Home
Copyright
   > Illegal Filesharing
   > Copyright Infringement
   > Legal Enforcement
   > Music Resources
   > Learn Before You Burn
Bandwidth
   > Policy & Enforcement
Online Safety
   > Online Communities
Wireless
   > Network Security
   > Pharming
   > Encryption
   > Wireless Routers

Prevent Pharmers from stealing your information

In recent years, many websites have been created pretending to be legitimate services, which are very difficult to discern from a real website. Insecure websites are potential jackpots for hackers looking for information.

However, web services, such as AirBears or RESCOMP, can also be spoofed. Pharming is a technique where hackers pretend they are a legitimate web service, and "pharm" all the information that passes through that service. Assuming a web service is legitimate and secure simply based on the name of the network can jeopardize the security of your passwords and other important information.

If you connect to a Pharm (a hacker pretending to be a legitimate web service), the hacker now has the ability to log all your information. For example, a study was conducted to see how vulnerable students were at UC Berkeley. A pharm was set up in the Free Speech Movement cafe for one hour and over 60 student IDs and passphrases were stolen! This can happen anywhere, at any cafe, or any other wireless internet service that you connect to. The best and most convenient way to combat this problem is through certificates.


What is a certificate?

A certificate is a digital document that verifies the security of a web site. Certificates can help you protect your personal information on the world wide web, and help you protect your computer from unsafe software. If you connect to a website that is verified by a certificate, you can generally assume that the website is secure.

Certificates use a system of public and private keys to ensure that only authorized users can see certain information sent across the internet. If anyone else tries to read the information, they will only see the encrypted file, which looks like gibberish.

A certificate usually contains the following information:

  • Owner's public key - used to encrypt private information
  • Owner's name or alias
  • Expiration date of the certificate
  • Serial number of the certificate
  • Name of the organization issuing the certificate (companies such as VeriSign, InstantSSL, and Entrust)
  • Other information, including a postal address, an e-mail address, etc.

Certificates form the basis for secure communication between client and server on the Web. With certificates, you can:

  • Verify the identity of clients and servers on the Web.
  • Encrypt channels to provide secure communication between clients and servers, and encrypt messages for secure Internet e-mail communication.
  • Verify the source and integrity of signed executable code that users can download from the Web.

Click here to view an example of a security certificate. The certificate shown is from http://www.wellsfargo.com. The certificate includes its serial number, the organization that owns it, the company that issued it (Verisign), the extent of time for which it is valid, and other information.

How can I check if a website is verified by a certificate?

When using Mozilla Firefox or Internet Explorer, you can know if the website is secured by a certificate if a little padlock image appears at the right end of the address bar. You can click on these locks to open a small window with some information about the certificate, as shown in the image below. It will often tell you the certificate provider (Verisign, etc.), the website name, and other relevant information. Also, When you visit a secure Web site (one whose address starts with "https"), the site automatically sends you its certificate.

There are primarily six major certificate providers: Verisign, Thawte, InstantSSL, Entrust, Baltimore, Geotrust and DigiCert. More detail about each of these providers can be found at this site. Thus, when you go to a website and notice that it is verified by one of these providers, you can generally assume that the website is secure.

Under certain circumstances, it is possible for certificates to be revoked. A certificate may be revoked if it is discovered that its related private key has been compromised, or if the relationship embedded in the certificate is discovered to be incorrect or has changed, such as is if a person changes names and/or jobs. A revocation is rare, but even when a certificate is trusted, the user should always check its validity.

The validity can be checked by comparing it against a certificate revocation list, a list of revoked or canceled certificates. The other way to check a certificate's validity is to query the certificate authority using the Online Certificate Status Protocol (OCSP) to know the status of a specific certificate.


Wireless Security | Pharming | Encryption | Wireless Routers
© 2007 Residential Computing, UC Berkeley
All Rights Reserved.
Home | Helpdesk | Appropriate Use Policy | Privacy Policy | Contact Us

Office of Residential Computing - Residential and Student Service Programs, IT Division
2610 Channing Way 3rd Floor, Berkeley, California 94720