Serp Kannella and the Fuzzy Filters writes:
Seals certifying the security of many websites have long been suspected [theregister.co.uk] of not being worth the bits they're made of—much less the hundreds or thousands of dollars they cost in yearly fees. Computer scientists have recently presented evidence that not only supports those doubts [arstechnica.com] but also shows how such seals can actually make sites more vulnerable to hacks:
The so-called trust marks are sold for less than $100 to well over $2,000 per year by almost a dozen companies including Symantec, McAfee, Trust-Guard, and Qualys. The marks are designed to instill trust in users of the site by certifying it's free of the vulnerabilities that hackers exploit to steal credit card numbers and other data.
In one of the experiments conducted by the researchers, even the best-performing service missed more than half of the known vulnerabilities. They uncovered flaws in certified sites that would take a typical criminal hacker less than one day to maliciously discover, and the researchers also developed exploits that are enabled by a site's use of security seals.