Laporan: Situs Web Yang Terinfeksi Malware di Tahun 2010 Dua Kali Lebih Banyak

Web-based malware growth Q3 2009 - Q3 2010 (Credit: Dasient)

The number of Web sites infected with malware has doubled from a year ago to more than 1.2 million, according to a study released today by Internet security company Dasient.

Not only are social-media sites getting targeted, but sites of larger government agencies increasingly are hit, including the National Institutes of Health, the U.S. Treasury, and the Environmental Protection Agency, according to the report. In the last two years, the NIH has been infected and reinfected five times, and the state of Alabama's site was infected 37 times.

Read more: http://news.cnet.com/8301-27080_3-20023576-245.html#ixzz16dJbxAqC

Bagaimana Enkripsi Mengamankan Komunikasi pada Web

For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.

SSL itself is conceptually quite simple. It begins when the browser requests a secure page (usually https://)

The web server sends its public key with its certificate.


The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.



The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.



The web server decrypts the symmetric encryption key using its private key and uses the browser’s symmetric key to decrypt its URL and http data.



The web server sends back the requested html document and http data encrypted with the browser’s symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.

Enkripsi Asimetrik

First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice’s open padlock to lock the box before sending it back to her.

The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker) from copying a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were careless and allowed someone else to copy his key, Alice’s messages to Bob would be compromised, but Alice’s messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Asymmetric encryption uses different keys for encryption and decryption. The message recipient creates a private key and a public key. The public key is distributed among the message senders and they use the public key to encrypt the message. The recipient uses their private key any encrypted messages that have been encrypted using the recipient’s public key.

Enkripsi Simetrik

Alice puts her secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice’s key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and read the message. Bob can then use the same padlock to send his secret reply.