October 21, 2005

Verisign Overhypes SSL

This came in the mail a while back. Not email, mind you - the postal mail. At first, I thought it might be an invitation to join some kind of geeky security comic book crowd (the two do come together sometimes) - perhaps the Information Security United Multimedia Artistic Manga Association (ISUMAMA) or something like that.

But no. Instead, it's just more correspondence from Verisign overhyping their service. According to the ad, "evil Internet bandits" are threatening to attack our young heroine's website. However, what these dreaded bandits don't realize is that this person has obtained a certificate from Verisign and SSL will completely protect everything on her site.

Is it me, or aren't we as security folks trying to send the direct OPPOSITE message: that SSL isn't a panacea? Is it responsible to encourage consumers to assume that SSL will completely block any and all attacks from "evil Internet bandits"? I, for one, do not thank Verisign for this marketing campaign. Security folks will recognize that it's not true, but the average consumer won't - instead, it will (albeit slightly) reinforce the message that SSL is enough and that encrypted web pages are somehow less likely to be attacked than unprotected ones.

Not to mention the FUD that concludes the ad. "You could be next..."

Posted by Ed at October 21, 2005 01:34 PM