Breaching Trust: Should We Switch Off Web Sites Which Gain an F Grade?

--

We increasingly use third-party tools to perform external security assessments. Shodan, for example, does a great job of enumerating the services a domain exposes to the Internet. One of the best assessment tools, though, is produced by SSL Labs, and it tests the cryptographic infrastructure of a Web site. It scans the TLS protocol versions and cipher suites the server offers and assesses the quality of the digital certificate presented. A certificate that does not chain to a trusted root (a self-signed one, for example) earns a T grade, and a certificate whose names do not match the site earns an M grade; only a site that passes both of these trust checks is scored on the usual A to F scale. The key focus of the scan is to identify the possibility of a large-scale breach of the trust infrastructure.
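The three checks just described (which protocol versions a server will negotiate, whether its certificate chain validates against a trust store, and whether the certificate's names match the host) can be reproduced in a few dozen lines. The following is an added example written for this page; it is not SSL Labs' scanner nor code from the original post. It assumes Python 3.7 or later with the operating system's CA store, and the single-letter outcomes returned by triage() are a simplified stand-in for the real SSL Labs scoring, not a reproduction of it.

```python
"""Minimal TLS posture probe (added example; not code from the post or from SSL Labs).

Assumptions: Python 3.7+, the system CA store, and the simplified outcome
letters in triage(), which only loosely mirror the SSL Labs T / M / F ideas.
"""
import socket
import ssl
import sys

# Protocol versions to probe, oldest first. The keys are labels used in the
# result dictionary; the values are the ssl module's own enum members.
VERSIONS = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def supports_version(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to exactly `version`.

    Trust is deliberately switched off here: this call only asks
    "does the server speak it?", never "should I believe it?".
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ValueError, OSError):
        # ValueError: this OpenSSL build refuses the version outright.
        # OSError (which includes ssl.SSLError): server rejected it, or network failure.
        return False


def san_matches(hostname, san_dns_names):
    """RFC 6125 style matching against the certificate's dNSName SANs.

    Case-insensitive, trailing dot ignored, and a wildcard stands for exactly
    one left-most label: *.example.com covers www.example.com but neither
    example.com nor a.b.example.com. The CN is ignored, as browsers do.
    """
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]               # ".example.com"
            if suffix.count(".") < 2:       # refuse *.com style wildcards
                continue
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
    return False


def check_certificate(host, port, timeout=5.0):
    """Validate the chain against the system store, then match names ourselves.

    Returns (trusted, name_match, san_names). Doing the name match separately
    is what lets a caller tell a trust failure (T) from a mismatch (M).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # name matching is done below
    ctx.verify_mode = ssl.CERT_REQUIRED  # but the chain must still validate
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return False, False, []
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return True, san_matches(host, names), names


def triage(protocols, trusted, name_match):
    """Collapse the findings into one letter (simplified stand-in, not SSL Labs' rules):
      T  - chain does not validate against the trust store
      M  - chain validates but no SAN matches the host name
      F  - neither TLS 1.2 nor TLS 1.3 is offered at all
      OK - none of the above; a real grader would now weigh ciphers, key sizes, etc.
    """
    if not trusted:
        return "T"
    if not name_match:
        return "M"
    if not (protocols.get("TLSv1.2") or protocols.get("TLSv1.3")):
        return "F"
    return "OK"


def probe(host, port=443):
    """Run the full check and return a plain dict a caller can grade or log."""
    protocols = {name: supports_version(host, port, v) for name, v in VERSIONS.items()}
    try:
        trusted, name_match, names = check_certificate(host, port)
    except OSError as exc:
        return {"host": host, "protocols": protocols, "error": str(exc)}
    return {"host": host, "protocols": protocols, "trusted": trusted,
            "name_match": name_match, "san": names,
            "outcome": triage(protocols, trusted, name_match)}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed default host
    for key, value in probe(target).items():
        print(f"{key}: {value}")
```

Run it as `python probe.py www.yoursite.example` and read the `outcome` line. Two design points matter for the T-versus-M distinction the post draws: chain validation and hostname matching are done as separate steps, and the handshake used to enumerate protocol versions has verification disabled, since that question is independent of whether the certificate should be believed.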

Why is it so important?

Venafi recently surveyed 500 CIOs and found that one of the greatest holes in security in their organisations relates to encryption keys and digital certificates. Their report outlines that around half of network attacks come in through SSL/TLS, and this figure is only likely to increase. Along with this, almost 90% thought that their company was defenceless against tunnelled attacks, as they cannot inspect the traffic, and around the same number said that they had suffered an attack which used encryption to hide itself.

They found also that 86% of CIOs think that stealing encryption keys and digital certificates is a significant threat to their…

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
