| By Woody Leonhard |
Two brazen Web-server break-ins this year call into question one of the Internet’s fundamental security mechanisms — website security certificates.
Because the most recent breach affected only PC users in Iran, most of us assume we’re immune. But we’re not; here’s why — and what we can do to protect ourselves.
The mainstream press has gone gaga over the story and has produced a blizzard of ill-informed and misleading reports. If you can join the words hacker, Iran, and browser with a few technical-sounding nonsense words and then speculate wildly, you, too, could be writing copy for one of the major news outlets.
Below, I explain exactly how security certificates work, and I describe the perversity of the certificate-issuing process: how we got into this fine mess and what we can do to stay out of it in the future.