SSL Certificates Are In Use Today, Not All Valid
- Date: 2010-09-15
Qualys, a security research firm, is trying to paint a detailed portrait of SSL deployments and their gaps with a new study, still under development, that aims to provide a deeper level of information on the status of the SSL market than is currently known. So far, most industry intelligence on the subject has come from Netcraft and vendor reports.
Qualys scanned 119 million domain names in its study, but only 92 million of them were active. Approximately 12.4 million domains could not be resolved correctly and 14.6 million did not respond. Of the active domains that responded, almost 34 million responded to the Qualys analysis on port 80 and port 443. Port 80 is generally used for HTTP, whereas port 443 is generally used for HTTPS, that is, SSL-secured Web sites.
Digging a layer deeper into the active sites on port 443, Ivan Ristic, director of engineering at Qualys, said in a seminar that he found that only about 23 million sites were running SSL.
SSL certificates can be generated for any domain name. It is considered good practice for the name on the SSL certificate to be the name of the domain on which the certificate is used, although Ristic's research shows that this isn't always the case.
"Approximately 3.17% of domain names matched," Ristic said. "So, we have approximately 22 million SSL server certificates that are completely invalid since they do not match the domain name on which they exist."
Identifying invalid SSL certificates:
Ristic, who is set to deliver a talk at the Black Hat USA Conference this summer, said his company has had a publicly available SSL security audit service for some time. However, the Qualys SSL checker required users to come to the site to verify their own SSL status. With the new research conducted by Ristic, Qualys set out to analyze the Internet itself to gather information about how sites implement SSL.
According to VeriSign, there are currently approximately 193 million domain names. In terms of SSL, Netcraft reports that there are 1.5 million SSL certificates. Ristic decided to focus his research on the .com, .net, .org, .biz, .info and .us domains, a total of 119 million domain names.
Ristic explained that he built a virtual machine that was able to run 2,000 threads in parallel to scan millions of domain names. The whole procedure took him 2 days at a speed of 1,000 servers scanned per second.
"The hardware is nothing special - I use a virtual server in the cloud, and it is just a medium-sized box," Ristic said. "The trick to why testing is fast is that it is only a few network packets that are exchanged, and it is enough to determine if the server on the other side is able to support the protocol."
As part of the full report he is working on, Ristic said that he will make a more in-depth analysis of the 720,000 SSL certificates that he discovered in his initial analysis and considers valid. The plan is to collect up to 300 pieces of data on each SSL server to better understand how certificates are deployed and configured.
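The name check behind the mismatch figure Ristic quotes can be sketched as follows. This is an added example, not Qualys's code: the function names, the RFC 6125-style wildcard rules chosen here, and the sample scan results are all assumptions constructed for illustration.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the scanned hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Accept a wildcard only as the whole left-most label and only when
        # at least two more labels follow, so "*.com" is rejected.
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are not accepted
    return p_labels == h_labels


def cert_matches(hostname, san_dns, common_name=None):
    """SAN dNSName entries win; the subject CN is used only if there are none."""
    names = san_dns if san_dns else ([common_name] if common_name else [])
    return any(name_matches(n, hostname) for n in names)


# Constructed scan results: (domain scanned, SAN dNSNames, subject CN)
SAMPLE = [
    ("shop.example.com", ["shop.example.com", "www.example.com"], "shop.example.com"),
    ("blog.example.org", ["*.example.org"], None),
    ("a.b.example.org", ["*.example.org"], None),              # two labels deep
    ("customer-site.example", [], "shared-host.example.net"),  # host's default cert
    ("example.net", ["www.example.net"], "www.example.net"),   # bare domain missing
]


def survey(results):
    """Split scanned domains into those whose certificate names them and the rest."""
    matched, mismatched = [], []
    for domain, san_dns, cn in results:
        (matched if cert_matches(domain, san_dns, cn) else mismatched).append(domain)
    return matched, mismatched


if __name__ == "__main__":
    ok, bad = survey(SAMPLE)
    print(f"{len(ok)} of {len(SAMPLE)} certificates match their domain")
    for domain in bad:
        print("mismatch:", domain)
```

The last two mismatches are typical of what a bulk scan picks up: a shared host answering on port 443 with its own default certificate, and a certificate issued for the www name served on the bare domain.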