We tend to visit a lot of websites throughout the week. However, it's important to keep an eye on what kind of websites you visit or even links you click on: you can compromise your computer when visiting unprotected websites or click on malicious links. Here are some tips you can follow to more securely browse online:
Dwayne is concerned that he won't know if a website he visits is safe. What if it's been compromised by a hacker? How would you know until it's too late? Leo says that most of us aren't really the target of a hack unless it's a mass attack. And those are a lot easier to defend against. Website attacks are a very common attack, where a hacker will forge the look of a website in an attempt to get you to log into it and steal your login credentials. This happens with bogus bank links. So it's important to be very careful on the links you click on.
Yesterday, all the extensions for Firefox suddenly stopped working. Leo says it turned out to be that Firefox forgot to renew their certificate for security, causing them all to stop working. Now they're pushing out a fix to get things back up and running.
Darryl is getting messages to upgrade Adobe Flash on his Mac. Leo says do not reply to any message to upgrade your Flash, do directly to Adobe and get the update there. Hackers can compromise websites to include a bit of code to get you to click on a link. It's called a Phishing scam. Flash auto updates now. Or you can use Google Chrome and it will auto update as well. So never click on a link that offers to install an update to flash for you. It's a scam. Another thing you can do is redownload your browser, delete them and reinstall. That will renew certificates.
Michele has an eCommerce site and she has to buy a secure encryption certificate for https. Leo says there's free certificates at a site called LetsEncrypt that can help with this. But her ISP will have to install them. Extensive or Wildcard certs are harder and have to be bought. Leo recommends DigiCert.
Kevin is interested in encryption so that nobody can snoop on his activity. Especially with Let's Encrypt, which Leo says will provide an encryption certificate for his website. It's free, too. To date, Let's Encrypt has provided over 2 1/2 million certificates for websites. And that's a good thing because offering an encrypted version of his website will boost his search engine rating.
When browsing the web, you may have encountered a "certificate" warning from your browser. This happens when you're connecting to a site using encryption, and the browser can't verify the identity of that site. Every browser or operating system comes with a preset list of "Certificate Authorities." These authorities could be governments, companies, or other entities that issue identity certificates to websites. This is all part of the SSL encryption process, and it verifies that you're securely connected to the right place.
Steve is worried he's being spied upon online. He gets a popup on his 4G data connection that says "network may be monitored by a third party." Leo says that's exactly what Superfish has been doing. Certificates get issued by various browser authorities like Google. If he doesn't like it, then he should try another browser.
Steve is worried about Comodo for security. Leo says that Comodo is not Kommodia, so it's not a security issue like Kommodia is. Superfish uses Kommodia to get beyond web browser security, but it was even worse. Comodo, though, is a completely different software. SSL certificates can be circumvented by those who visit Steve's site and there really isn't anything he can do about it. It doesn't really affect you -- it affects them. So Steve should get the encryption he can and understand that it's possible the end user will get something that breaks it on their end, not his.
Peter is getting a popup on YouTube that is saying it has an expired certificate. Leo says that usually indicates an inaccurate date and time set in the computer. He should also update his browser. That will update the certificate authorities.