CloudFlare, a San Francisco start-up that offers cloud
-based optimization and online cybersecurity protection, said it plans to offer Web sites free encrypted HTTPS connections.
HTTPS, or Hypertext Transfer Protocol Secure, is an encrypted connection between a user's computer and Web site's servers that prevents hackers from stealing sensitive information, such as a Web user's login and password.
About 2 million Web sites, including Facebook, Amazon and most banks, already use HTTPS connections, but there are hundreds of millions of other Web sites that do not. After the disclosure of a major Russian hacking ring, Google this week announced that it will give more weight to HTTPS-enabled sites on its search results, hoping to inspire more companies to adopt the technology.
But adding the security protection requires purchasing an annual certificate, and it can be complicated and costly for companies with complex Web sites to enable HTTPS.
Enabling HTTPS for free will be costly for CloudFlare, which will have to obtain a certificate for every Web site that signs up. But free HTTPS will introduce CloudFlare to more customers, some of whom may eventually sign up for one of its paid plans, which range from $20 per month to thousands of dollars per month for clients with intricate Web sites.
Michelle Zatlyn, CloudFlare co-founder and head of user experience, says securing more Web sites will make it easier for her company to defend its clients from distributed denial of service attacks, which is when a hacker uses a botnet, or a network of infected computers and Web servers, to crash a Web site with more traffic than it can handle.
"We provide security for a lot of big customers, and if someone runs a small blogging site or a personal Web site and they get compromised they can be used as part of a botnet to launch larger attacks," she said. "We care about making everyone on the Internet secure so they can no longer be used as ammunition."
The company, which is working on the technical requirements to support all the Web sites that they expect to sign up, plans to begin offering the free service in mid-October.
© 2014 Los Angeles Times (CA) under contract with NewsEdge. All rights reserved.
Posted: 2014-08-12 @ 12:47pm PT
The real costs of an SSL certificate are minimal. Certification Authorities are abusing their position to extoll a high price. Some of it might be justified, e.g. for the manual work of extended validation, but a basic domain validated certificate can and should be less than $10 / included in the domain name registration.