2014-10-21

(Ping! Zine Issue 73) – The Internet threat landscape is a dark and scary place. Another day, another hack. Another day, another vulnerability. Is anything safe online anymore?! Believe it or not, there is a staple of the web security industry that continues to grow and remains extremely strong: SSL certificates. While not the sexiest of web security solutions, SSL certificates have continued to be a stalwart of the industry and are only going to continue to gain even more relevance and recognition among web-users.

SSL certificates are fairly well-known in the hosting industry, but certainly not a favorite product amongst most, with good reason. The process of obtaining and installing a certificate can be a bit daunting for the average website owner with limited technical knowledge. Unlike most other online products – the process of receiving a certificate isn’t a one-click process.

A lot of web hosts simply do not want to deal with the hassle of offering SSL certificates, since they have nightmares of increased support tickets, frustrated customers, and wasted time on a product that is not core to their business. But, as SSL continues to gain awareness – specifically as hacks continue to dominate the headlines and now with a recent announcement from Google that websites equipped with SSL will get that coveted SEO boost – the time to capitalize on the impending demand is now.

But how? Is there a company out there that can help web hosts navigate the murky waters of SSL? Is there technology available that can make the validation and installation process less of a soul-draining experience? The short answer is: yes! But, before we dive into that, let’s examine the current state of web security. Brace yourself.

Recent studies by the Symantec Corporation (SYMC), the foremost worldwide information protection specialist, have taken a deep dive into the critical state of web security. Their latest report sadly predicted that what we have seen thus far may just be the tip of the iceberg. As we traverse through 2014, we could be in for bigger web security challenges while hackers persistently develop more innovative and sophisticated attacks every day. The following is a summary of this far-reaching Internet security threat as analyzed by Symantec’s web security experts.

How Vulnerable is the Web Browser Ecosystem?

The Symantec report started out by showing 2013 as a breakpoint year for online security with much of the attention focused on cyber spying, privacy incursion, and malicious acts by insiders. The 2013 year-end mega Target breach, along with other security infractions, are obvious indications that cybercrimes are getting more aggressive and sophisticated. And it doesn’t help that social media recklessness, proliferation of mobile technology devices and the flourishing realm of the Internet of Things (e.g., the so-called “smart” cars, medical gadgets, refrigerators/household appliances) – all give cyber criminals a more extensive playground. The report includes exploring the prevalent web security threats, their impact on businesses, and how the industry’s response teams can leverage an in-depth defense strategy to protect their valuable resources.

Most Recent Attacks

It doesn’t look like data breaches and website attacks are going to slow down any time soon. There’s still one quarter left in the year, but a number of high-profile hacks have already stunned and shaken prominent global companies. Cyber criminals are stepping up their craft and data breaches are getting to be (almost) commonplace, larger in scale, and more vicious with stolen financial information and personal records sold on the black market in just a matter of days. Here are some of the most recent devastating attacks and flaws (in no particular order) that have taken place or come to light this year, so far.

Target Gets Targeted

With more than 70 million customers affected, the Target attack is considered one of the most brutal data breaches from any consumer business perspective. Target’s massive data breach grabbed the headlines during the first three weeks of holiday shopping season in 2013, and the fallout still remains to this day.

“Backoff” Hits Dairy Queen

Dairy Queen is just one of the latest victims of this malware breach that is said to have affected nearly 1,000 businesses in the United States. Backoff, which was discovered in October 2013, is a strain of malware that attacks point-of-service (POS) machines. It is capable of scraping memory for credit card data and logging keystrokes as well as establishing command-and-control communication.

Heartbleed

The Heartbleed bug managed to remain hidden for more than two years, until it was exposed by a group of Google researchers in conjunction with Codenomicon, a relatively small Finnish security company. This bug exposed credit card details, passwords, encryption keys and a lot more sensitive data. This vulnerability briefly had the industry reeling as some of the largest and most notable sites like Google, Amazon, Yahoo, and Facebook scrambled to patch the flaw.

JP Morgan Chase and Four Other Banks/Firms

The JP Morgan Chase network and at least four other financial institutions were hit by a string of coordinated attacks that siphoned off enormous quantities of data that included savings and checking account information. The attack resulted in the loss of gigabytes of sensitive data that may have jeopardized employee and customer information.

iCloud – Phishing in the Cloud

Apple’s iCloud got caught up in the middle of a stolen celebrity scandal just recently and cybercriminals are not about to let the opportunity pass for exploiting the furor. Attackers are launching a phishing campaign that aims to steal Apple IDs. Bogus notification messages are being deployed by the criminal gang behind the Kelihos/Waledac botnet.

The Home Depot Breach

Most recently, everyone’s favorite hardware store was hit hard in a very similar way as Target. In fact, the point-of-sale system was seemingly compromised with a new malware strain that derived from BlackPOS, the same malware found in the Target attack. This attack affected all of their 2,200 US and Canadian stores and millions of customers who used their credit card and debit cards in-store.

The Relevance and Benefits of SSL Now More Important than Ever

Although, SSL certificates really had nothing to do with any of the attacks mentioned above, general consumers kind of just wrap it all up under the same thing: fear of doing business online. So, anyone who is involved in the web understands that SSL is the backbone of online security. Simply put, it’s the frontline of defense in keeping sensitive information safe and secure when traveling over the web. Here are the overall primary benefits of SSL:

Encryption of Sensitive Information

The fundamental purpose of using SSL is to encrypt sensitive data so that only the intended recipient is able to decipher it. An SSL certificate ensures that information being sent from a browser is encrypted and protected against hackers and other cyber thieves.

Gain and Boost Trust for a Website

Visitors will know when the connection to a website is secured by SSL through visual cues that web browsers provide, such as the green address bar or padlock icon*. Users will take this as an indication that a website can be trusted and they are more likely to make a purchase from that site. A Trust Seal from a recognized third-party security company or Certificate Authority (CA) further instills a sense of trust among online customers.**

SEO Advantage

Obtaining an SSL certificate may not be your number one priority right now, but it is definitely worth keeping in mind since it has become a MUST as Google continues to push towards improved web security. We’ll dive into this a little deeper later, as it is the newest benefit to SSL.

But what exactly is SSL?

SSL is an acronym for Secure Socket Layer, an encryption algorithm/technology that creates a uniquely encrypted connection between a web browser and a web server, allowing transmission of private information without getting anxious about data tampering, eavesdropping, or message forgery. It is a digital file that has to be installed on the server. This security certificate is issued by a Certificate Authority (CA), which takes the necessary precaution of verifying that the domain actually belongs to an authentic and legitimate organization, thus protecting users from man-in-the-middle attacks.

Types of SSL

Domain Validation

These certificates are the quickest and cheapest to obtain, as they only validate that the person who is receiving the certificate owns the domain(s) they wish to secure.

Organization Validation

These more premium certificates require companies to complete a light validation process before issuance. They offer more features with regards to injecting trust into a website.

Extended Validation

These are the most feature-rich certificates on the market. They come with the most universally recognized symbol of trust on the Internet – the green address bar – utilized by industry titans like Twitter, Bank of America, PayPal, and more.

HTTPS Everywhere: Taking Website Security to the Next Level

Last year, Google introduced HTTPS (Hypertext Transport Protocol Secure) by default for encrypted search and Gmail. This means that people using Gmail, Google Drive, and Search, for instance, automatically get secure connections to Google.

Google has also been working to make the Internet a safer place for sensitive information with a broader and more comprehensive reach by making sure that websites which users access from Google are likewise secure. It is in this context that Google called for “HTTPS Everywhere” on the web. Since this announcement, an increasing number of webmasters and major communication sites are following suit and adopting HTTPS on their websites.

The SSL Impact on Google Ranking and SEO

This encouraging response prompted Google to run tests that take into account the use of secure, encrypted connections as a signal or factor in their search ranking algorithm. And just last month, Google made an official announcement introducing HTTPS as part of its algorithm. It’s only a very “lightweight” signal to start with (it only affects approximately 1% of worldwide searches/queries at the moment) and other signals, such as high quality content, website speed, and user experience still carry much more weight. This is mainly to give webmasters adequate time to upgrade to HTTPS, as the signal may be strengthened and given considerable significance over time with the primary goal to keep everyone safe on the Internet. In effect, the incentive is such that websites which are adequately secured by HTTPS may get higher rankings in Google and enjoy the full benefits of increased visibility and traffic. Conversely, those that do not adhere may suffer the “penalty” of not being found on Google at all; hence, less visibility and traffic for their websites.

A Brief Rewind to the Tedious SSL Process

If they are so safe, why hasn’t everyone been using them all along? SSL certificates are quite unlike most products that you can just purchase and use instantly. The entire process of obtaining and installing an SSL certificate, from purchasing to getting it up and running, requires a lot of work that can lead to a lot of delays or erroneously done procedures, most likely because of the user’s unfamiliarity with the process. Although it may be relatively simple for IT experts, it is very technical and can be quite difficult for the Average Joe Website Owner or the neighborhood webmaster who has never experienced installing an SSL certificate before. This is the main reason why some web hosting companies typically don’t even bother with SSL as part of their business – too much hassle to justify what they think is limited profitability.

The outdated SSL process of yesterday can be summed up as follows:

After making the purchase, the user has to figure out how to generate and submit the CSR (Certificate Signing Request)

Verify that they own the domain

Provide documentation to properly validate the company Download the certificate upon receipt

Figure out proper installation of the certificate on their type of server

Verify that the SSL certificate is fully up and running

Meet the SSL Store

Needless to say, inexperienced users would find this archaic process quite daunting and tedious, not to mention frustrating. Luckily, that’s where The SSL Store™ comes in, they were founded in 2008 to take as much pain out of the SSL process as possible. It is thus, that the concept of automated SSL was conceived; stemming from both the general frustration of web companies and customer demand for a better and simpler method to successfully install SSL certificates without going through all of that trouble and confusion.

A Premium SSL Service

In today’s hosting industry, where just about everything is automated, constantly updated, and comprehensively enhanced, it would seem that SSL got stuck in an antiquated phase – up until The SSL Store™ came up with the brilliant idea of AutoInstall SSL™.

With more than six years of extensive SSL experience, The SSL Store™ has answered thousands of queries about SSL verification and installation, which led them to the conclusion that a lot more resources should be dedicated to making the users’ SSL experience much more straightforward and convenient. According to Kevin Johnson, The SSL Store™ Channel Manager, they have more than 50 employees focused solely on SSL and collectively came up with a one-of-a-kind automated solution that only a premium SSL service can provide to end-users. SSL has finally come of age and is catching up with 21st technology, at last!

AutoInstall SSL™ and Its Distinctive Features

Talk about streamlining the SSL process from top to bottom! As the name implies, it fully automates the usually burdensome process of installing SSL certificates and eliminates redundant back-and-forths that often result in ill-will, unnecessary headaches, and the need to seek assistance from someone or somewhere else. In contrast to the arduous manual steps typically associated with archaic SSL, this innovative technology allows end-users to:

Automatically generate the CSR

Automatically verify/validate domain ownership

Automatically download and install the SSL certificate

Automatically verify that the installed certificate is up and efficiently running

AutoInstall SSL™ is designed to work with all three types of SSL certificates – Organization Validated (OV), Domain Validated (DV), and Extended Validation (EV). Multi-domain and wildcard certificates are also supported.

For DV certificates, AutoInstall SSL™ handles virtually the entire installation and validation process – all it takes is a few minutes and a couple mouse clicks. For OV and EV certificates, the customer will still have to carry out the validation process as required by the guidelines of the CA/B Forum; however, AutoInstall SSL™ will “pause” and walk you through the validation process, after which it resumes automatic installation when validation is completed. Moreover, AutoInstall SSL™ not only works with all types of certificates, also it’s compatible with the most trusted Certificate Authorities in the industry, such as Symantec, Thawte, GeoTrust, Comodo, and RapidSSL.

Obtaining and Installing an SSL Certificate Has Never Been This Simple

With AutoInstall SSL™, setting up a new SSL certificate in cPanel is a breeze. The entire process, from purchase to installation, is completed in a matter of minutes. Generating the CSR and installing the certificate are carried out in real-time right in front of the customers’ eyes. The plugin automatically deals with it all, and all the customer has to do is provide essential information to facilitate the entire process. How much simpler can it get?!

A lot simpler, as demonstrated by these 5 easy steps:

Purchase the SSL via WHMCS using the provided plugin or through your own website if you are using The SSL Store’s API.

Receive the Token ID and Token Code. All orders come with tokens once you get hooked up with The SSL Store™.

Deploy the Tokens into the Control Panel. This is basically copying and pasting the Token ID and Token Code into the form found in the control panel.

Provide Admin and Technical Contact Details. This is mainly for purposes of identifying the designated name/person associated with the SSL certificate.

Watch AutoInstall SSL™ perform its magic in real time – right before your eyes.

Available with Multiple Hosting Control Panels

AutoInstall SSL™ currently has two versions that are available for cPanel and Parallels Plesk. It is also designed with the capability to seamlessly work with WHMCS. On top of that, AutoInstall SSL™ will release a Command Line version, as well as versions for Windows and Linux desktops.

Web Hosting Provider as an SSL Reseller – The Potential to Boost Profits

AutoInstall SSL™ does not only make life easier; it can also boost your bottom line. Easily stand out from other web hosting and SSL providers by signing up for a reseller account with The SSL Store™ – absolutely FREE! – No startup/upfront fees, no contracts, no long-term commitment of any kind. Simply join the reseller program, wait for approval from The SSL Store™, and download AutoInstall SSL™ – it’s ready to go!

Although AutoInstall SSL™ is only available to approved resellers at the moment; a web host gets immediate access to all its features once onboard, which typically takes just a couple of minutes. As soon as it’s activated, a web hosting reseller can start telling customers that their SSL nightmares are over. The SSL Store™ offers some of the best pricing in the industry because they purchase certificates in extremely large quantities at deeply discounted rates from some of the most respected brands. Resellers definitely have the advantage of being able to offer this game-changing SSL technology at ridiculously low prices. Along with integration options, robust plugins, and specialized enablement programs, resellers also have exclusive access to a number of free intuitive tools. The SSL Store™ resellers indeed have all the necessary help to sell more SSL.

What AutoInstall SSL™ Can Do for Business – Endless Possibilities

Amid the sea of hackers and data sniffers prowling the Internet these days, SSL certificates become undeniably more crucial to the trust and confidence that a website projects; thus, AutoInstall SSL™ can be particularly beneficial to website owners. Despite SSL’s extreme importance, most people who are not quite familiar with SSL certificates are hesitant about going through the seemingly intricate process. The conventional SSL installation process can be excruciating to some, as it typically involves coming back and forth across second- and third-parties in the course of company verification and nearly all other moving aspects. With AutoInstall SSL™, a website owner gains the capability to secure their website in a matter of minutes and with just a few clicks of the mouse.

The benefits of AutoInstall SSL™ don’t end there. It is especially advantageous to web hosting providers as they are now in a better position to resell SSL certificates. There are numerous quantifiable benefits to that business once AutoInstall SSL™ is up and running:

Significant reduction in associated SSL labor costs

More time to focus on the core of the business

Considerable decrease in support tickets, since customers can actually handle the purchase and installation without having to call for support or open a ticket

Attract and stir up interest among prospective SSL customers

Turn SSL into a profit center that allows you to make money while sleeping!

The SSL Store™ Has Your Back – 24/7-Support from SSL Experts

And here’s the best part: The SSL Store™ provides around-the-clock Platinum-level support through a team of SSL experts via Email, Phone, and/or Live Chat. A dedicated account manager is immediately assigned to all resellers to help them with whatever they need, whenever they need it.

More Than Enough Reasons to Love The SSL Store™

With HTTPS gaining weight in Google’s most recent algorithm update, using robust security certificates has become serious business if you want websites to make it to the top of Google’s search rankings. SSL is now part of any SEO strategy and boosts Google rankings that can eventually turn into huge website visibility and more traffic. The SSL Store™ can be your staunchest ally as it is the world’s leading SSL service that is exclusively and totally dedicated to SSL needs and an upper-stratum, Platinum Level Partner of all foremost CAs. Moreover, the ground-breaking AutoInstall SSL™ technology is a huge business opportunity that largely remains untapped. Don’t let this opportunity go to waste; take advantage of AutoInstall SSL™; watch your profits soar. Sign up for a free reseller account with The SSL Store™ today!

Show more