Thursday, July 4, 2019

HTTPS means "secure," not "safe"

By now, most of us know to look at the URL, or uniform resource locator, of web sites we visit. The URL is more simply known as the web address. For example, https://www.blogger.com is a URL.

When a URL starts with HTTPS, it means that the web site owner has purchased an encryption certificate and applied it to that particular web page. This means that any data you type into that page, such as user name, password, payment card number, account number, etc., is encrypted in transit. In other words, your sensitive data is secured when it is transmitted from your computer up to the server that hosts that web page on the Internet.

When a URL starts with HTTP, it means that your user input on that web page is not encrypted. And that is all it means.

HTTPS does not mean that the web site is safe to visit - it just means that your data is encrypted. Bad guys can buy encryption certificates just as easily as legitimate site owners. And because browsers like Chrome visibly proclaim a site is "not secure" when HTTP is in the URL, users are more apt to associate that HTTPS sites (which do not display the warning) must be safe to visit.

Not so!

Always be cautious of browsing to unknown or unfamiliar web sites. Only navigate to sites you deem trustworthy. And stop clicking! Just because a site is encrypted does not mean that it cannot infect your computer with malicious software if you click a link on it.

For more information, check out the warning issued by the FBI three weeks ago at https://www.ic3.gov/media/2019/190610.aspx.

No comments:

Post a Comment