Some Thoughts on SSL Security


I thought of sharing my thoughts on SSL as this is something that has been in the headlines recently. There are a lot of great things about SSL in terms of security. However, it is also important to learn about the weaknesses of SSL.

SSL encryption provides a mechanism for a web server and a web browser to exchange data via an encrypted “tunnel”. They set this up through a secure exchange of encryption details:
• The client requests information from the web server via SSL
• The server replies with its digital certificate and encryption preferences. The certificate includes a public key.
• The client generates a session key which it then encrypts using the server’s public key. This is sent to the server.
• The server uses its private key to decrypt the session key.
• The client and server both now have the session key, and this is used to encrypt all data exchanged in both directions for the rest of the session.
• In addition, each packet is signed to ensure that no tampering takes place.

SSL provides authentication using a “web of trust” model. If you visit my employer’s SSL-based websites, then you (or rather your browser) decide to trust us based on the following:
• Our server obtains a certificate from a trusted “root certificate authority”.
• The root CA should take steps to verify that someone who applies for a certificate is who they claim to be. This should involve actual investigation of the business, checking details of registered companies, and the like.
• Your browser has certificates from these root CAs. When it receives a certificate from a server, it checks its own records for a corresponding “root CA” certificate.
• It uses this to ensure that the certificate just presented to it is legitimate.
• In other words, you trust me because “Honest John’s certificates” says that I am who I claim to be, and you have decided that you trust Honest John.
• Now are you sure that you really trust Honest John? Are you sure that he really verified my claims?
• Are you sure you trust your web browser? The most likely scenario is that the certificates in use will be pre-loaded by the browser developers, not hand picked by you.
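
The browser-side check from the list above, together with the session-key step of the handshake, as an added example that is not part of the original post. Textbook RSA over small fixed primes stands in for real certificate signatures; "Careful CA", "Nobody CA", the hostname `shop.example` and all function names are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Textbook RSA from two known primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(subject, key, n):
    h = hashlib.sha256(f"{subject}|{key}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(ca_name, ca_n, ca_d, subject, key):
    """The CA signs (subject, public key); vetting the applicant happens outside this code."""
    return {"subject": subject, "key": key, "issuer": ca_name,
            "sig": pow(digest(subject, key, ca_n), ca_d, ca_n)}

def browser_accepts(cert, hostname, trust_store):
    """Client-side check: pre-loaded issuer, valid signature, matching name."""
    ca_n = trust_store.get(cert["issuer"])
    if ca_n is None:
        return False  # issuer is not one of the pre-loaded roots
    if pow(cert["sig"], E, ca_n) != digest(cert["subject"], cert["key"], ca_n):
        return False  # altered after signing, or not signed by that root
    return cert["subject"] == hostname

def handshake(cert, hostname, session_key, trust_store):
    """Validate the certificate, then encrypt the session key to the key it carries."""
    if not browser_accepts(cert, hostname, trust_store):
        return None
    return pow(session_key, E, cert["key"])

# Constructed sample data: Mersenne primes keep the toy keys reproducible.
careful_n, careful_d = keypair(2**127 - 1, 2**107 - 1)
john_n, john_d = keypair(2**89 - 1, 2**61 - 1)
site_n, site_d = keypair(2**31 - 1, 2**19 - 1)    # key held by the real site
other_n, other_d = keypair(2**17 - 1, 2**13 - 1)  # key held by a different applicant
TRUST_STORE = {"Careful CA": careful_n, "Honest John's Certificates": john_n}

genuine = issue("Careful CA", careful_n, careful_d, "shop.example", site_n)
unvetted = issue("Honest John's Certificates", john_n, john_d, "shop.example", other_n)
unknown_root = issue("Nobody CA", other_n, other_d, "shop.example", other_n)
tampered = dict(genuine, key=other_n)  # key swapped after signing

if __name__ == "__main__":
    for name, cert in [("genuine", genuine), ("unvetted", unvetted),
                       ("unknown_root", unknown_root), ("tampered", tampered)]:
        print(name, browser_accepts(cert, "shop.example", TRUST_STORE))
```

`unvetted` passes exactly the same check as `genuine`, and the session key is then encrypted to whoever holds the key in that certificate: the browser verifies the root's signature, not the diligence behind it.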

An SSL vulnerability was exposed recently, hence the need to be educated about it so that you can patch up some of the vulnerabilities.

As an exercise for the reader, where do you think this model breaks down to allow the “break” described below and elsewhere?

Why I Cannot Do Without Carbonite

As a Carbonite user for the past three years, I’m very satisfied with the services. I can pretty much say that this online backup service is worth it. I have never had to spend extra time to back up my computer files. I like that Carbonite has an automatic setting that can do the backup process by itself.

But the automatic setting is just one good reason why I like Carbonite. After three years with Carbonite, I have experienced all the benefits this particular online backup service provider has to offer. However, I would like to share the benefits that matter to me most.

The Choice Between Manual And Automatic Setting

I’ve already mentioned that Carbonite automatically backs up all the computer files. While this is a particular benefit that really amazes me, it’s worth noting that Carbonite also has a manual setting.

With the manual setting, backups can be scheduled. It can be done once a day or at certain times of the day. It’s really just a matter of choosing the setting that suits our needs. In my case, nothing beats the convenience of the continuous backup Carbonite has to offer.

Easy To Restore A File

This is one of the many benefits of Carbonite that really matter to me. I can guarantee that it’s very easy to restore a file with Carbonite. Although I’ve never experienced any major disaster that can totally damage my computer (thank goodness!), I have had to restore files so many times. Such is why I can guarantee how easy it is to restore a file with Carbonite.

In line with this, Carbonite keeps previous copies of files. So no matter how many times I’ve updated and saved a file, I can always refer to the previous copies of any particular file. All I have to do is right-click on the particular file, choose Carbonite from the list of options, and click on “restore previous file.” It’s that easy. I have done it so many times. This particular feature of Carbonite has saved me a lot of time from having to redo any file.

Files Are Encrypted

Carbonite encrypts all the computer files before it transmits them online according to This is pretty much the security feature I’m looking for in an online backup service provider. My files are not exposed online and I’m the only one that can access them. Of course, I just really need to protect my password so no one gets into my account.

Since I keep a lot of important files, this security feature really matters to me. Personal documents like passports, bank certificates, and official receipts have to be protected. If other people can easily access such information, my identity may be at risk. The encryption process of Carbonite really gives me peace of mind. That’s very important for me.

It’s Very Affordable

It really matters to me that Carbonite is more affordable with an offer code. I am able to enjoy all the benefits at a fixed annual rate. I don’t have to worry about any surcharges. Once I renew my account, I’m good to go. It fits my budget really well.

Even businesses stand to benefit from Carbonite business solutions, which also include very affordable plans that can suit your business needs. More than half a million businesses worldwide trust and use the company’s various business plan offers.

Carbonite, definitely, has more benefits than what I’ve just mentioned. But in my case, these are the benefits that really matter to me. Basically, Carbonite makes it very easy for me to back up and restore a file. At the same time, Carbonite guarantees security and affordability. Those are my reasons as to why I cannot do without Carbonite.

Is Mobile Data The Next Cash Cow?


History is not repeating itself. Mobile data is not yet a cash cow like voice and SMS. The big Internet search brands’ investment in developing technology, running search services and the costs of incentives that must be offered to get onto operators’ decks are not providing a good enough return on investment. They are obliged to push models based on pay per click or use to generate revenue, which they also have to share with operators. Yet these charges put consumers off using the services.

This is the reason for the brands’ deafening silence at the moment in the mobile search market: they are all trying to work out a viable business model.

Yahoo! was bullish with its launch at CES, but there are figures available about the uptake and use of its monolithic search services. Since then 3.0 and other changes show frustration also from Yahoo! trying to get the model right.

Over the same period, Microsoft’s profits have increased by 13% and Google’s by over 40%, but none of this growth is coming from the mobile market. The growing online advertising market is still their bread and butter.

AOL, a late comer to the market, has ramped up its branded search entrance, offering some impressive solutions, but only within AOL Europe and MVNO Deutschland. AOL is still very much for early adopters, playing catch-up in mobile search.

So where does this leave white label companies?

White label search is in a potentially strong position.

Operators are finally realising that they are weakening their standing with consumers by offering Google and Yahoo!’s services, and are now looking to rectify this with own-brand, white label services.

White label search providers cannot offer search services free of charge because of venture capital investment that forces them to pay attention to their bottom lines in the short term – VC funding is all about fattening a company up for sale in fewer than five years.

This means that mobile operators are being forced into another round of spending on mobile data, which they endeavour to recoup from their consumers, which in turn inhibits take-up.

The Catch 22 situation escalates as the white label providers push advertising onto operators as a sweetener for their investment, with the promise of faster new revenue streams from data services.

Operators find themselves with search and advertising services promising to be the two-headed saviour of their data services despite a glaring lack of concrete evidence.

Where does this leave consumers?

Consumers are faced with a larger choice of search and data options, on and off-portal.

They are confused about the cost of using the services due to poor communication and inconsistent approaches by operators.

Consumers start to download clients that are free and promise a straightforward interface without being fully aware of the cost. This leads to an initial surge in the take-up of new services followed by a sharp reduction after the bills hit home.

Consumers are served adverts within search results and, in the case of click to call, need to add the cost of a phone call to that of the search.

Mobile operators try to encourage users to enjoy search in a multitude of different ways (see the September issue’s analysis of T-Mobile’s user interface for its portal which deploys five different search engines), but what is free, what is included in portal use and what costs money to access is typically not made clear.

Conclusion: The cost of mobile search continues to dampen consumer demand. The fact that its costs are not easy to understand means that mobile search uptake, revenue and results are faring poorly. Google is a big brand on the Internet, but Vodafone and T-Mobile are big brands on the mobile web that also need to earn euros from hosting and managing services.

Mobile search will not become the hugely popular consumer service it should be until prices come down. This is not about the price of the device or the cost of the voice contract, so much as the charges for using mobile search and portal services. Transparency is needed, but attempts so far are not close to being good enough. There are many “unlimited” data bundles, but in fact they are all restricted. Data rates are capped at speeds that are risible in the fixed world, while fair use policies are fair to the operator, not the consumer, although they vary considerably.