Full Site SSL: Alarm Grid Takes Security SeriouslyPosted By Eric Hochberger
Hi guys and welcome to our first technology post. As head of development, I'll be going over some of the cooler and more unique stuff we're doing at Alarm Grid.
Today I want to address a very serious concern, and a very appropriate one for an alarm monitoring company: security.
By now, I'm sure most of you know what SSL (Transport Layer Security / Secure Sockets Layer) websites are. You know, the ones that start with https:// and have a pretty little green box in the address bar.
You'll generally notice these, or at least look out for them, when you're doing something that should involve privacy. You know, like checking out from an e-commerce store (wait, you go to store other than Alarm Grid!?) or logging in to your favorite social network
But have you ever noticed some sites like Facebook and Google make the entire site SSL? If so, ever wonder why?
It's because of a nasty little thing called session hacking. That's when you're logged into a site and a user can steal your cookie and suddenly be logged in as you without ever even typing in your password!
I know what you're thinking. It's what we all think when it comes to hacking. Pff, that only happens to other people.
Well, you'd be suprised how easy it is and how out of your hands it is. Have you ever logged in to a non-full SSL site at a coffee shop? Then you're vulnerable.
There's actually applications out there any one of you, no matter how little of a tech background you have, could use to session hack. (Google it. Just don't tell them I sent you.)
Even if you login to a secure part of the site and go to a single non-secure part of the website, that cookie (unless they specify it's only for secure pages) is likely out in the open. Suddenly, you just gave a hacker access to that site as you!
That's why Alarm Grid we decided to make the entire site SSL secure throughout the whole page from day one. Just try finding an insecure page. We dare you.
So why don't other companies? Generally, because it's complicated and expensive. But we take your security seriously. Both your home's and your identity's.
If you have any questions for me, please ask me below in the comments!