browsers

New SSL policy in Firefox hurting tens of thousands of sites

"SSL" (Secure Sockets Layer) is a standard for establishing an encrypted link between a web server and a browser to ensure that all data passed between the web server and the browser remains private.

The "geeks at Pingdom" describe a problem with the way Firefox version 3 handles "SSL certificates" (which the casual user does not even see under normal conditions):

If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message, similar to any other browser error (for example a “page not found” 404 message).

...[T]his is not something that only affects smaller websites. For example, the SSL certificate for the official US Army website [https://www.us.army.mil/] is declared invalid by Firefox 3.

See also:
What is SSL? (ssl.com)
SSL (Webopedia)
SSL (Wikipedia)

Surfing with an Unsafe Browser?

A comprehensive study entitled "Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the 'insecurity iceberg'" was recently released. It concludes that only 60 percent of the world's Internet users surf with the latest, most-secure versions of their preferred browsers.

Why is this important? Upgrading to the latest, most-secure version of your favorite browser will provide better protection from Web dangers, such as spyware, phishing, and viruses. It is also important because it relates to changes that are coming to the FDLP Desktop.

A re-release of the FDLP Desktop is due in the next few months. This re-release will improve our dissemination of Program-related content and news, and will also release new community-based interactivity.

During the course of the redesign, our research has shown that many of our users are surfing with legacy browsers. In addition to these legacy browsers being vulnerable to various Web dangers, they are also not built to today's Web standards. While the upcoming re-release of the FDLP Desktop is being backcoded to allow for legacy browsers, such as IE6, we are not ensuring 100% compatibility. Meanwhile, users utilizing IE6 to surf the new Desktop will receive a warning at the top of their screen regarding the dangers of IE6 and an encouragement to upgrade.

So, with that said, which browsers/versions should we be using? Based on the report, they are:

Stay tuned! Next week, I will be releasing more information about the upcoming re-release of the FDLP Desktop as well as some new tools that we have up our sleeves.

IE insecure

According to the calculations of Washington Post Security blogger Brian Krebs, Microsoft Internet Explorer 6 was "unsafe" (that is, vulnerable to known security holes, with no available patches) for 284(!) days in 2006 -- more than 75 percent of the time. By contrast, Firefox experienced a total of nine days' worth of insecurity last year. Take a look at the vulnerability graph to see the problems with IE.

When are folks going to get wise, dump IE and instead use Firefox, Opera, Safari (for Macs) or some other -- any other! -- standards-compliant, secure browser?
