Thursday, February 28, 2008

Use SSL When Available - Browser Setting

It would be safer if you could force your browser to use SSL whenever available and alert you if the SSL encryption level being used is a version that has some security limitations and can potentially be hacked.

As far as I know this doesn't exist other than forcing ALL sites into SSL which is not very convenient.

Most banks now are forcing users into SSL for ALL web browsing - this is something I think more people should do and someone needs to implement a better way to discover and block invalid certs - and also track down the people doing it and prosecute them.

SSL is the only way I know of to verify you're at the site you think you're at that is stadard in all browsers. If you use http, could be your DNS cache is poisoned or you're using a cached copy or...?

This area of web browsing definitely needs to be improved.