Improperly used SSL certificates may leave many exposed

Improperly used SSL certificates may leave many exposed

Security firm Qualys announced at the recent Black Hat Conference that an inability to install a certificate needed for successful SSL implementation correctly has likely left many organizations vulnerable to attack, according to a report from Internet.com.

Qualys security researcher Ivan Ristic said his company recently examined the 300,000 most visited SSL-secured sites on the web to test their protection, the news site reported. Of those, just 20 percent had implemented the technology in the most secure way.

The problem, Ristic told Internet.com, is that the remaining 80 percent of websites had some type of SSL-related flaw, like mixed secure and insecure traffic or the use of insecure cookies to validate sessions.

"If you have a mix between some portion of encrypted and unencrypted than you're at risk from session hijacking," he said, according to the publication.

The report illustrates that simply having a system in place is not enough to guarantee that a company's computing infrastructure is proof against intrusion, according to experts. It's important to make sure everything is configured correctly as well.