This Day On The Street
Continue to site
ADVERTISEMENT
This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration.
Need a new registration confirmation email? Click here

The Digital Skeptic: Amateurs Are Taking Over, and Risking, Web Security

In 2011, the government of the Netherlands released a harrowing must-read account of the hacker takedown of a large Dutch certificate authority called DigiNotar. The frankly not terribly sophisticated attack effectively bankrupted the company and vaporized a $12.9 million investment by a firm called Vasco, which had bought DigiNotar earlier that year.

Not surprisingly, similar but bigger CAs such as DigiCert and Entrust have invested in ambitious cooperative security plans. But just like the rest of the wobbly Web, the race-to-the-bottom digital age economics makes law and order elusive.

"Certificate authorities were complex and lucrative at one point," Alberto Yepez, said managing director at Trident Capital, a major Silicon Valley security venture shop, when we later spoke at another nearby watering hole. "But now they're becoming commoditized."

The upside on Web risk
This all leads to an only-in-the-Internet-age investor upside: Considering that everyone from Facebook (FB) to The New York Times to Burger King (BKC) is mitigating embarrassing, value-affecting security lapses, the crumbling CA infrastructure actually offers a tantalizing lens into which firms take security seriously -- and which do not.

It turns out that the clues lie around in plain sight.

"It varies by browser, but any user can see on any page who the CA is for that page," Wilson told me. And with a bit of practice, he said, just about anybody can get a feel for the security posture of the company creating that Web page.

Wilson says the place to start to see who has security game is with a tool called the SSL Configuration Checker, based on an app from Redwood City, Calif.-based Qualys (QLYS). Any firm's Web page scoring a B or lower has issues to answer for. If you want to humor your deeper, inner security nerd, here's a link to the uber-geek white paper on the topic.

"This is an industry that rewards due diligence," Wilson told me.

But he made it clear: Building a security model that evaluates the level of practical risk a Web company is managing, based on analysis of trusted third parties such as CAs, is a lot of work.

"You'll have to build your own tools," he said. "It's the Wild West out there."

The Wild West on an alien planet, more like it. But somebody has to settle it.

This commentary comes from an independent investor or market observer as part of TheStreet guest contributor program. The views expressed are those of the author and do not necessarily represent the views of TheStreet or its management.
2 of 2

Check Out Our Best Services for Investors

Action Alerts PLUS

Portfolio Manager Jim Cramer and Director of Research Jack Mohr reveal their investment tactics while giving advanced notice before every trade.

Product Features:
  • $2.5+ million portfolio
  • Large-cap and dividend focus
  • Intraday trade alerts from Cramer
Quant Ratings

Access the tool that DOMINATES the Russell 2000 and the S&P 500.

Product Features:
  • Buy, hold, or sell recommendations for over 4,300 stocks
  • Unlimited research reports on your favorite stocks
  • A custom stock screener
Stocks Under $10

David Peltier uncovers low dollar stocks with serious upside potential that are flying under Wall Street's radar.

Product Features:
  • Model portfolio
  • Stocks trading below $10
  • Intraday trade alerts
14-Days Free
Only $9.95
14-Days Free
Submit an article to us!
SYM TRADE IT LAST %CHG
AAPL $128.95 0.00%
FB $78.99 0.00%
GOOG $537.90 0.00%
TSLA $226.03 0.00%
YHOO $42.51 0.00%

Markets

DOW 18,024.06 +183.54 1.03%
S&P 500 2,108.29 +22.78 1.09%
NASDAQ 5,005.3910 +63.9670 1.29%

Partners Compare Online Brokers

Free Reports

Top Rated Stocks Top Rated Funds Top Rated ETFs