With all of the news that we have been reading about private data being hacked we decided it was time we took a look at our browsing habits. Are we doing our best to keep our info safe? Are we following best practices in our online shopping?
As we starting thinking about how we spend money online we realized that some of the websites we frequent began with "https" and some just "http" and we wondered what the difference was.
A little online research yielded the answer to our question. HTTPS is Hyper Text Transfer Protocol Secure and is a secure version of the HTTP we know and love. Basically it's HTTP with SSL. Secure Sockets Layer or SSL is the standard security technology for establishing an encrypted link between a web server and a browser. SSL scrambles the connection between you and the intended recipient so that only the intended receipient can decode it. That Sony leak that was in the news recently? You guessed it, an encrypted connection was not used.
How can you be sure that the site you are buying from or putting your info in is using this secure technology? One way to spot this is the tell tale "https" in the URL, another is an image of a lock in your URL window of your browser.
An informal survey of the sites we commonly use showed that any site that we put payment information into was using HTTPS which made us feel a bit better about our online security habits. However, now that we are armed with this information we will be sure to check for that "s" and will think twice about any purchases from sites that are not using this secure technology.
More on security from the Unplggd archives:
- Fake Answer Security Questions for Safer Online Browsing
- How to Better Protect Your Online Identity
- 5 Computer Security Myth Busters
Do you ever check for the "https?"
(Images: Flickr members Sybren A. Stüvel & John Menick licensed for use under Creative Commons)
Ellen's Thirties Style Small Space
Juan's Garage Turned Modern Guest House
Good Food to Share 
The Big Book of Small, Cool Spaces 
Apartment Therapy Presents 
The Eight-Step Home Cure 
Commercial Flour Sa...
How to Cook Rice on the Stove
Recipe: Thai Ginger Chicken Stir-Fry
You should always use HTTPS and be sure to have different passwords for all your sites. Why? Well if you log onto facebook without HTTPS you are sending your login info unsecured. Should that be intercepted, and that login info be what you used to do your banking then HTTPS on your banking site wont matter, they already have your data. Keepass or lastpass is really the best way to go.
It should be noted that simply having https is not, in and of itself, proof that you're safe online. For instance, if you're somehow led to a phishing site that looks like your real banking site, they may set up an https connection with you just like your real bank does. So while you may have an encrypted connection, the person sharing the connection with you could still be a bad guy.
The way to check for something like that is to look up the SSL certificate that's been issued to them to verify that they are who they claim to be. My browser shows me the certificate information if I click on the tiny padlock symbol, and I can look it over to ensure that the certificate is valid.
The hidden benefit to https is that when I go to facebook or monster.com with https instead of http I can get through my corporate firewall. That doesn't mean that I'm not monitored, but if I need quick in and out for something I can do it. Just be careful doing this because your site visit can still be logged, it just might not be noticeable as a small blip in the log.
Ah yes, HTTPS, my secret pathway to facebook and onlines games when I was still in High School.
@funstraw: If you are using a work computer, or if you have installed any kind of software package needed to connect to the company network on your own, you shouldn't feel that safe when even when using SSL
Encrypted traffic represents a tunnel through any content filtering, virus scanning, or other firewalling that IT might feel is essential to network security, so don't be surprised if your company uses SSL filtering.
Such filtering means HTTPS connections are in reality first made to their proxy, which decrypts the traffic, probably scans it, then re-encrypts it and passes it on to wherever it was originally headed.
Something to keep in mind.