In a world of unsecured access points, SSL is the first - and last - line of defense

Pete Lindstrom over at Spire Security thinks SSL has never been useful and that it has "outlived its usefulness".

I'm going to disagree and say that SSL is more relevant today than it was way back in 2000 when I was jamming PCI cards into HP Proliant servers in my basement to do performance testing.

The top reason: millions of unsecured wireless access points.

In a completely wired world, SSL could be seen as merely providing a false sense of security for consumers. But in a world that doesn't require wires and that doesn't properly educate the millions of digital neophytes whose primary purpose in using WiFi is to make their latest purchase on e-bay from the comfort of their couch instead of a desk, SSL is no longer providing a false sense of security, it really is securing sensitive data.

Consumers really do not understand that an unsecured access point can easily be hijacked by a curious neighbor or that nefarious digital stalker lurking in their neighborhood. Without the use of SSL to secure in-flight data from prying eyes, the growth of identity and credit card theft would likely far outstrip the rapid pace it maintains today.  

Yes, Pete's right in that there may be easier (and cheaper given the price of gas these days) ways to remotely steal sensitive data, but in the big scheme of identity and credit card theft I would argue that it's actually easier to simply buzz the local neighborhood, wardrive for open APs, and then to sit on them until someone hits submit on their latest Victoria's Secret order.

Imbibing: Mountain Dew

Technorati tags: , ,