There was some news last week regarding an online banking service and the fact that someone at this particular bank forgot to renew some website security certificates. The story caught my eye for a couple of reasons. First, because of the job that I do here at Symantec, I need to take note of reports such as these. They are often chalked up to human error and, as this article on theregister.co.uk states, a lot of these issues are unfortunately considered to be only small problems. It may be a small problem because the solution isn’t difficult to obtain, only time consuming, and hopefully doesn’t affect anyone adversely. In this case the problem didn’t affect the security or integrity of the website in question and was rectified quickly. However, I personally consider these issues to be bigger problems because I can’t surf the ‘net as quickly as my friends and family, simply because I’m more cautious (read: worried) about the bad guys out there, laying traps for me. If I came across these security certificate issues while doing my online banking, I would stop surfing completely and, after having contacted the bank by phone to report problems, I would ensure my antivirus signatures were up to date and that my desktop firewall was running and updated as well. Seriously, I do practice what is preached and I hope you do too.
This recent problem with security certificates demonstrates that security problems aren’t always what they appear to be. Security problems may not always be found and displayed in front of you by security software. There is a lot of onus on us as the users to be wary when we’re using the Internet, which is difficult when we constantly need to be on the lookout for indicators of malicious code lurking in the corner of our favorite website. It’s just as confusing when it seems like there is a problem with our favorite website (invalid security certificates, for example), but if we soldier on and click through, we get to where we were going. It just takes us a bit longer, right? Well, no, I think it’s wrong to just click through.
This leads me to my second and somewhat more self-centered point. I used to work in the telecoms industry and the knowledge gained working with different manufacturers and products was successful in pushing a lot of common, street, and real-world sense out of my brain. So, you can imagine that I feel like the quintessential phone geek when I watch a movie or TV show and, when the phone rings on-screen, I can tell you what brand the phone is and in some cases the model, or if it was ringtone number one through ten. Sad, I know. Although, it is somewhat interesting (and yes I’m getting to the point) that these movies employ creative license—shocking—and the phones being used in shot aren’t always making the noises that they would in real life. What you see may or may not be what you get.
Now, I don’t expect you to spend a decade of your life learning about the intricacies of security certificates, nor do I expect you to be able to “name that ringing pattern” for the office phone blaring away on your favorite TV show. However, I implore you to be vigilant when using the Internet for personal reasons, which I suppose means every time you go online. When you visit your online banking, webmail, social networking, or shopping websites, you need to be careful. I can’t repeat this enough. If you have pop-ups for security certificates, take a minute to take a look at them and don’t just “click-through” without giving it a second thought. That minute you spend making sure you’re comfortable that your site is working correctly could save you loads of headaches. If you are unsure of what to look for, give the website’s helpline a call to ask for assistance. You might actually make them aware of something that was previously unknown to them. Don't forget to ensure your antivirus signatures are up to date and that you have an updated personal firewall enabled.