Skip to content

Dan’s Tech Blog

Domains Guru, Geek, Coder, Lover of Terry’s Chocolate oranges & Pluviophile

Menu
  • Home
  • About Dan
  • Review / Advertise
Menu

Everything you know about HTTPS is wrong.

Posted on September 17, 2007 by admin

Ok i warn readers now this will be slightly a rant, but hopefully will also act as a warning.

Firstly i would like to explain a bit about HTTPS and to try and clear up some misunderstandings a lot of people seem to have about it.

HTTPS:// which stands for Hyper-Text Transfer Protocol Secure, which is a secure connection between you and the server. HTTPS is NOT a protocol in it’s self. HTTPS is exactly the same as HTTP except it has a extra layer of “security” called SSL (Secure Sockets Layer). When comparing HTTP and HTTPS the only “physical” difference is HTTPS uses a different TCP port (usually 443) where as HTTP uses 80 (or 8080 depending on server set up).

SSL was developed by Netscape for you guessed it sending files and information via the web without nosy neighbors peeking. SSL uses a cryptographic key system. This system uses two keys which encrypt the data being sent, the first being the public key which surprisingly is known to every Tom, Chris and Rumpelstiltskin and then we have the Private key known only to the intended recipient of the data.

I have come acros quite a few people now who assume that because a web-page has “Secure” it means they information, often full credit card details, are secure for the short journey across cyber-space and the comfy stay in a little server on the side of the planet. However often what most do not understand is this is not the case, yes the information can not be easily sniffed or taped on its connection between you and the server, but it does not secure its safety when it reaches the server OR how the webmaster as well as every one who has access to the server (which is often a lot) do with that information.

Just because a server uses SSL (which any body with a website and a spare £15 ($30)ish can obtain, without any security checks for the website i might add, doesn’t mean the server can’t be hacked or even already hacked.

Dodgy webmaster, not only do you have to worry about your personal information being sniffed or viewed on transfer, while it’s sitting on the web server and hackers seeing it, But what about the actual website Administrator? what is he suddenly thinks hey, i have a database full of all the transaction details  i have sold naff to over the net…

Getting security certificates validated by browsers.

Now virtually all modern browsers are both SSL capable and show some type of alert if the incoming SSL certificate  is self signed or invalid.

I would like to make this perfectly clear, ANY webmaster can set up a secure connection for his/her website(s) and it will have EXACTLY THE SAME level of security as a certificate signed by a authority, the only difference being that many browsers have been told by the amazingly outrages persons who run these “cert authorities” that your site is OK!

Other wise your browser experience is hindered by warnings (especially with Internet explorer 7 who refuses to show the page unless you accept)

I hope this has been at least informative to some, i think its probably one of my more readable posts so far!

 Dan – Happy surfing 🙂

[ad name=”posts”]

Facebook Comments

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Related

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Can technology help predict outcomes?
  • Review: UnoDNS from UnoTelly.com
  • HungryHouse goes Mobile!
  • CAD Helps US Army with Star Trek-Style Replicators
  • Online Reputation Management: An Increasingly Needed Industry

Recent Comments

  • umeh on How to: Install FireSheep
  • ali on How to: Install FireSheep
  • Dan on HungryHouse goes Mobile!
  • Oliver on HungryHouse goes Mobile!
  • ForsterDJ on HungryHouse goes Mobile!

Categories

  • Cool Sites
  • Cool Tech
  • General stuff
  • Google
  • How Tos & Tutorials
  • Humor and funny crap!
  • Infographics
  • Microsoft
  • Ponderings
  • Projects
  • Ranting
  • Reviews
  • Scripts
  • Sponsored Posts
  • Student Partner
  • Tech Events
  • Technological Ponderings
  • Top Ten…
  • Tv/Video/Music Talk
  • Twitter
  • Uncategorized
  • University
  • vLogs
  • Web Hosting
  • Windows Phone
  • Windows Stuff
  • XBOX 360
  • YouTube

Archives

  • April 2015
  • October 2014
  • October 2013
  • February 2013
  • December 2012
  • November 2012
  • October 2012
  • August 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • March 2010
  • February 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly Hosted by allthe.domains
©2021 Dan’s Tech Blog | Built using WordPress and Responsive Blogily theme by Superb