I was reading recently about the security (or as the author put it, "false security") of SSL traffic, and I thought that I might share it with everyone in case they were not aware of it.

I get the impression that during e-commerce transactions, people feel more at ease providing confidential info such as credit card details, etc., when they see "https://" or a little locked padlock in their browser.

But is this a false sense of security?

How often have you checked the certificate details when in an SSL session?

Sure, maybe your traffic is encrypted so that no one can sniff your details off the wire during transit, but who are you actually providing these details to, and is it who you think it should be?

Also, how securely is your confidential information stored?

When you provide a company with these confidential details, you have no idea where these details are being stored, how secure the server is, who has access to it, etc.

Just some food for thought...