Most websites that handle sensitive information, such as banking and shopping sites, use SSL to keep your private information safe, but sites like Facebook, Gmail, and Twitter also give you the option to use SSL. For other sites, check your account settings to see whether this feature is available.
Certificates: Any websiteâ€”including malicious onesâ€”can use SSL, so the lock icon in your browserâ€™s toolbar by itself does not mean that youâ€™re safe.
Enter certificates. Briefly, a certificate is a digital document of sortsâ€”an ID badgeâ€”that verifies a siteâ€™s identity. Certificates are typically issued by organizations called â€ścertificate authorities,â€ť and most are â€śsigned,â€ť which basically means that the certificate authority was able to verify the identity of the website in question. If a certificate isnâ€™t signed, however, your browser will usually pop up a warning about it.
Like everything in security, though, a certificate isnâ€™t a sure thing: In September, a hacker claimed to have broken into the computer systems of DigiNotar, a Dutch certificate authority; the breach resulted in the issuance of forged certificates that attackers might use to make malicious sites appear legitimate and secure.
If you want to learn more, security training company SANS offers a comprehensive glossary of security terms. Googleâ€™s â€śGood to Knowâ€ť site is a great place to brush up on basic Internet security. And our Security Alert blog provides ongoing security news and information.