I’m not really a sports fan, but it was impossible for me to ignore the media spectacle of “The Decision” as it was called. It was a one-hour ESPN special that really needed to have lasted ten minutes. Instead, it was a self-revelatory spectacle devoted to the exploits of LeBron “The King” James.

The media dragged out James and dressed him up in other teams jerseys and asked him stupid softball questions in order to drag the program out and rake in more advertising cash; until finally at the end, LeBron said the words that we all knew having been coming since he himself was responsible for Cleveland choking in the post-season. LeBron had chosen to head to Miami.

Burned jerseys and a bazillion renditions of that theme song from that Kardashian show later, we’ve woken up to the realization that Cleveland Basketball will not be the same. I think that we all knew it was coming, his mind seemingly made up at that final game when he was booed off the court, after handing victory to the Celtics after having blown a 2-1 series lead. To be clear, I blame his lack of a championship ring on himself, and his fellow players. So, saying that he’s going to Miami because he “wants to win” is self-serving rationalization because he’s the cause of his own failures.

I blame him, not so much for moving to Miami, I’m not a sports fan; I could care less. I blame him for the media spectacle he’s forked over onto this area. This area raised and supported LeBron James to the pinnacle of Basketball success that he’s reached. I feel like dragging us all through this spectacle of “is he staying or is he going” and then the one-hour TV special; only to tell us all that he’s headed to Miami was a bit ridiculous. I don’t fault anyone for feeling burned by his self-worship.

Recently, an article titled “SSL Certificates In Use Today Aren’t All Valid” hit the top of popular news aggregator Slashdot.org and was picked up by other popular news outlets. This wildly speculative piece produced by Qualys, a reputable security research firm attempted to state that only 3% of all SSL Certificates in use on the web are actually valid.

SSL Certificates are used to validate identities on the web and are especially critical for E-Commerce and identity validation. You’re using a SSL certificate whenever you type https:// into your browser. The claim that only 3% of these certificates are actually valid is definitely a big deal.

Fortunately for us, the conclusions of this article don’t hold water when you dig into the methods used to obtain them. I can assure you that this claim is totally false. There is an easy way to know if a particular SSL certificate is valid, this works for all of the major browsers in use today. If there is a problem with the validation of a SSL certificate, your browser will tell you. In the case of IE8 and Firefox, the color of the bar on top changes depending on the validity of the certificate; Green for good, Red for Bad.

I’m surprised this article was allowed to be published because of the flawed method which the conclusion was drawn from.

The article author basically took the list of all the domains that exist, then pulled out all the ones that had resolver issues or wouldn’t respond. He did a reverse lookup on the domain name to get the ip that the domain was hosted on. Once the ip was obtained, the author connected over port 443 to that ip in order to obtain the SSL certificate running on that ip. With a certificate in hand, the author compared the certificate to the domain name which was used to obtain the ip address. When 97% of all domains didn’t match, this article was spawned with its headline snatching subject.

The problem was that it appears the author failed to consider several key issues. The primary problem is Shared Hosting, which is utilized as a standard on the web. Many different virtual domains can be hosted from the same server or ip address. I’m utilizing shared hosting for this very page. I host a bunch of domains from the same physical ip. According to this author’s methods, my SSL certificates would be invalid even though there totally legitimate.

I have a certificate that I use for Kozick.com, but I also host the domain coretechconsulting.com. Using the author’s method, coretechconsulting.com resolves to the same ip as Kozick.com. If he were to connect and obtain my certificate, it would say Kozick.com. He would compare that certificate to the original domain and say that it is invalid because it does not match coretechconsulting.com. One server may host multiple domains, but that does not mean that there is a SSL certificate in use for each of them. We have to consider their use when judging if it is indeed invalid. It’s totally legitimate for a server to respond with a certificate with one domain, while hosting multiple domains from the same ip address. This does not qualify as invalid.

This headline was meant to be inflammatory, however the methods used to obtain the actually data and information in the article do not stand up to peer scrutiny. You heard it here, this article is bogus.

Sources:

SSL Certificates In Use Today Aren't All Valid

About the Author

Greg J. Kozick is an experienced IT Professional with experience in many emerging IT technologies. His services are available for hire at http://www.coretechconsulting.com. You can also follow his tech blog The Akron IT Guy. You can contact greg at > greg@kozick.com.

0 Comments  //  Leave A Comment  //  Topics: e-commerce, hype, security, SSL