Wednesday, December 23, 2015

1 Million Websites Soon to Be at Risk Due to Change in Encryption Protocol

Eventually, one technology gets replaced by another and users of the older technology must upgrade, or else risk running an inefficient operation. This upgrade-or-be-obsolete scenario plays out most often with software, like with SHA1, the Internet’s most popular encryption protocol, slated to have its SSL certificates expire on January 1, 2017.
Essentially, any website using SHA1 certificates after this date will have problems loading, and may even be vulnerable to hacks. Websites that utilize SHA1 protocol are signified by HTTPS, which include many of the most popular websites on the Internet. In fact, ZDNet goes so far as to describe SHA1 protocol as “the cryptographic hashing algorithm that’s been at the heart of the web’s security for a decade.”
For a decade, SHA1 security has provided users with the peace of mind that their sensitive content is encrypted and can’t be skimmed by hackers, but all of this is about to change. Soon, a significant number of older devices won’t be capable of processing the new SHA2 security protocol certificates, which will put their sensitive data at risk. ZDNetputs a number to these at-risk websites; “About 24 percent of SSL-encrypted websites still use SHA1 -- or, about 1 million websites.”
Thankfully, the situation is improving every day as more websites update their protocol. In fact, it’s estimated that by the end of this year, the number of websites utilizing SHA1 technology will decrease by 90%. So no need to hit the panic button quite yet. Although, the expiration of SHA1 is still expected to leave enough websites vulnerable to cause concern and warrant caution when browsing the Internet. ZDNet puts this threat into perspective:
For most people, there's nothing to worry about. The majority are already using the latest Chrome or Firefox browser, the latest operating system, or the newest smartphone with the latest software, which are compatible with the old SHA1-hashed websites and the newer SHA2-hashed websites. But many, particularly those in developing nations, who are running older software, devices, and even "dumb phones," the candy bar cell phones that have basic mobile internet, will face a brick wall, because their devices aren't up-to-date enough to even know what SHA2 is.
The expiration of SHA1 security protocol is just one example of why it’s vital to stay on top of upgrading all of your company’s mission-critical software. A more common upgrading situation that companies run into is when their operating system expires and is no longer supported with security patches provided by the software developer, like with the recent examples of Windows XP and Windows Server 2003.
It can be a chore to stay on top of upgrading every piece of technology in your office, let alone stay current with software licenses so that you don’t get fined. This is why Net It On does this for you as part of our managed IT service. We are able to remotely monitor the software situation of your entire IT infrastructure and take care of any needed upgrades, security patches, and software licenses. Call us today at (732) 360-2999 and never get caught using outdated technology again.

No comments:

Post a Comment