ISU Information Security

Secure web browsing – The ‘S’ in HTTPS.

Wednesday, July 29, 2009 14:45

In most web browsing, information to and from the browser is sent in “plain text” form. This means that anyone using network sniffing tools can read all of the information the browser sends and receives just as plainly as the text here. A curious (or malicious) party can, in effect, see everything the browser is doing: what addresses it visits, the contents of pages, and the information the browser sends back to a server.

But what if you don’t want the contents of your conversation with a server to be known? How can you be sure the server you’re connected to is really who they say they are?

Enter Hypertext Transfer Protocol Secure (HTTPS). HTTPS was invented to verify between two communicators (the server and the browser) that each is who they say they are. It also encrypts the data sent between the communicators, so something like “My dog has fleas.” ends up looking like “B@U+k’T});U=h;.+”.

This security (verification and encryption) helps ensure the privacy of online transactions. So, when browsing, especially when dealing with online banking, personal data transfers, or log-ins (for webmail, social websites, or online forums), check for the HTTPS in the address bar. Current browsers also generally display extra information when dealing with a secure site. For example, Firefox displays a lock icon and the address of the authenticated site in the status bar.
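The verification step behind the lock icon, as an added Python example that is not part of the original post: the client refuses the connection unless the server's certificate chains to a trusted authority and names the requested host, then reports who the site is and who vouched for it. The function names, the host `www.example.com`, and the sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
    "notAfter": "Jan 15 12:00:00 2030 GMT",
}

def summarize_cert(cert):
    """Reduce a verified certificate to the facts shown beside the lock icon."""
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "site": subject.get("commonName"),
        "verified_by": issuer.get("organizationName") or issuer.get("commonName"),
        "valid_for": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "expires": expires.date().isoformat(),
    }

def check_https(host, port=443, timeout=5.0):
    """Connect the way a browser does: refuse the server unless its certificate
    chains to a trusted CA and names the host we asked for."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                info = summarize_cert(tls.getpeercert())
                info.update(trusted=True, protocol=tls.version(), cipher=tls.cipher()[0])
                return info
    except ssl.SSLCertVerificationError as err:
        # Identity could not be verified: no lock icon, do not send anything.
        return {"trusted": False, "reason": err.verify_message}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))  # offline demo on the constructed sample
```

On a networked machine, `check_https("www.example.com")` returns the same summary plus the negotiated protocol and cipher, or `trusted: False` with the reason when verification fails.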

Wikipedia – HTTPS