Re: http - how secure is it?
Quote:
Some background reading |
Re: http - how secure is it?
HTTPS doesn't just encrypt the data securing it, it also uses certificates to prove that the site is who it says it is. That's probably more important even if just reading data and that no-one is impersonating the site.
If you use a proxy, especially at work, they will install certificates in the browser so the proxy can intercept, decrypt, inspect and rerecrypt on without warnings but generally if the certificate doesn't match or isn't issued properly you browser should warn you. What is causing pain now are the alternate DNS names being enforced on the main name where previously only needing for additional names. This is where you may use variations in name to provide different services but only want one certificate, e.g. www.bbc.co.uk, news.bbc.co.uk (yes I know they do it different now) can all have one certificate, used to be www.bbc and then new.bbc etc in the alternate names, now also have to have www.bbc in the alternate names. |
Re: http - how secure is it?
Quote:
Run one from bitdefender, run one from an online scan such as eset download and install RKill https://www.bleepingcomputer.com/download/rkill/ and run this program. This will stop any processes that might be malware and block deletion if required. Then download and install malwarebytes and run a scan with that I have a feeling something else is causing your flags ---------- Post added at 12:13 ---------- Previous post was at 12:12 ---------- Quote:
|
Re: http - how secure is it?
I use Windows Defender.
I don't download dodgy stuff, and I scan the relevent files. |
Re: http - how secure is it?
Quote:
|
Re: http - how secure is it?
Quote:
ANY site running on http can be intercepted and the contents of the site changed before it gets to your browser, https prevents this happening. Of course, https encrypts all traffic between your browser & the server, so for example your password & any form you fill in, cannot be snooped upon. Here's a very good article about why every website needs https https://www.troyhunt.com/heres-why-y...e-needs-https/ There's a video with a demo of changing the contents of a site, without actually changing the site, just what is delivered to your browser. But as others have said, https does not mean that the site itself is safe or secure, it's the connection to/from the server Quote:
If your friend does allow http then he may as well disable https altogether, no point in having it then. Quote:
There is no excuse for not having https these days, can be done totally for free with a little work. |
Re: http - how secure is it?
Quote:
|
Re: http - how secure is it?
Quote:
ssssh, qualified people talking.... |
Re: http - how secure is it?
Quote:
You could have a valid https certificate for cableforum.uk or cablef0rum.uk. A valid certificate doesn't guarantee anything about the trustworthiness of the site you're on. |
Re: http - how secure is it?
I vaguely recall a year or two ago, I had quite a few certificate warnings on various sites/pages that normally were ok . . . not sure if it was down to a change in how they're done or a cock up somewhere in the system?
|
Re: http - how secure is it?
Quote:
News sites do not need to use https, of course, they can choose to. Quote:
A single SSL certificate can have many alt names, hundreds if you are daft enough (our own cerificate here has nine). You can also get wildcard certificates to cover all the sub domains on a main domain. |
Re: http - how secure is it?
Quote:
One of the biggest was Symantec https://www.thesslstore.com/blog/sym...usted-tuesday/ Quote:
|
Quote:
Or the site can install 'NO BROWSER LEFT BEHIND' which lets even older browsers connect HTTPS http://blog.cloudflare.com/sha-1-dep...er-left-behind Quote:
|
Re: http - how secure is it?
Quote:
|
Re: http - how secure is it?
Quote:
Quote:
As I said before, there is no excuse today, for any website not to allow only https connection. |
All times are GMT +1. The time now is 00:16. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.