Tuesday, February 7, 2012

Difference Between http & https Part 2

Summary:
Circulating email advises web users to take note of the differences between "http" and "https" in web addresses to ensure that they only provide sensitive personal and financial information on secure websites (Full commentary below).

Status:
True

Example: (Submitted, January 2009)
Subject: FW: Difference between http & https (no joke)

Don't know how many are aware of this difference, but worth sending to any that do not...... What is the difference between http and https

FIRST, MANY PEOPLE ARE UNAWARE OF
**The main difference between http:// and https:// is It's all about keeping you secure** HTTP stands for Hyper Text Transport Protocol,

Which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. The important thing is the letter S which makes the difference between HTTP and HTTPS.

The S (big surprise) stands for "Secure". If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.

This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever enter your credit card number in an http website! But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.

You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://.

If it doesn't, there's no way you're going to enter sensitive information like a credit card number.

PASS IT ON (You may save someone a lot of grief).


Commentary:
This email forward offers some timely advice that may help many Internet users avoid compromising their security online. The message outlines in plain English the difference between the http and https protocols. It explains why it is important to ensure that a web page is using the secure https protocol before providing financial information such as credit card numbers.

The information provided in the email is correct and well worth heeding. Hypertext Transfer Protocol (http) is a system that allows the transmitting and receiving of information across the Internet. Http allows information, such as the text you are reading right now, to be accessed from the server by your web browser. While http allows for the quick and easy transmission of information, it is not secure, and it is possible for a third party to "listen in" to the "conversation" between servers and clients.

For many purposes, such as a website article that is open and available to everyone, this lack of security is of no importance. However, if a website is one that needs to collect private information such as credit card numbers, then a more secure protocol is an important prerequisite. For example, when purchasing a product or service online or using Internet banking, it is vital that the exchange of information between clients and servers cannot be easily harvested by third parties. Thus, the https (secure http) protocol was developed to allow the authorisation of users and secure transactions.

So, as the message states, if you are required to provide sensitive personal or financial information on a web page, always ensure that the web address starts with https, not just http. Knowing the difference between http and https can certainly help web users keep their information secure. For example, if a webpage that should be secure, such as an Internet banking login page, uses http rather than https in its address, it may well be a "look-a-like" phishing site designed to steal financial information. A genuine financial institution website would NEVER use the unsecure http protocol on any page that requires customers to provide personal or financial information.

Unfortunately, however, even if a site address does display https, it might still be a bogus phishing web page. Internet criminals can sometimes use clever spoofing techniques to make a fake web page appear to be using the https protocol. Thus, other methods of avoiding phishing scams should also be used.
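The address check described above can also be run against the forms on a page. The following is an added example, not part of the original article: the sample pages are constructed, the list of sensitive autocomplete hints is an assumption, and the check covers only whether data travels over https, not whether the site is genuine.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Autocomplete hints treated as sensitive (an assumed list for this example).
SENSITIVE_HINTS = {"cc-number", "cc-csc", "current-password", "new-password"}

class FormAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None   # all forms seen, form being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            hints = set((a.get("autocomplete") or "").lower().split())
            is_password = (a.get("type") or "").lower() == "password"
            self._open["sensitive"] |= is_password or bool(hints & SENSITIVE_HINTS)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (submit target, verdict) for every sensitive form on the page."""
    parser = FormAuditor()
    parser.feed(html)
    findings = []
    for form in (f for f in parser.forms if f["sensitive"]):
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if urlsplit(target).scheme != "https":
            verdict = "submitted in cleartext"
        elif urlsplit(page_url).scheme != "https":
            verdict = "form page served over http"
        else:
            verdict = "ok"
        findings.append((target, verdict))
    return findings

# Constructed sample pages, not real sites.
SAMPLES = {
    "http://shop.example/checkout": '<form action="/pay"><input autocomplete="cc-number"></form>',
    "http://forum.example/login": '<form action="https://forum.example/s"><input type="password"></form>',
    "https://bank.example/login": '<form action="/session"><input type="password"></form>',
}
if __name__ == "__main__":
    print({url: audit_forms(url, html) for url, html in SAMPLES.items()})
```

The second verdict covers a login form that posts to https from a page loaded over http: the submission is encrypted, but the page carrying the form was delivered without protection and could have been altered on the way to the browser.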

Note:
Most modern browsers also display a "lock" icon in the status bar or, possibly, in the address field, when a secure https website is being accessed. Generally, you can click on the lock icon to display more information about the secure website.

HTTP vs HTTPS: What’s the difference?

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) is a secured communication protocol between a web browser and a web server. You can think of it as secured HTTP (the ‘S’ in HTTPS stands for secured). It encrypts any communication that a user sends to a web server, and the server decrypts it on its side. Similarly, it encrypts any communication that a web server sends to a web browser, and the browser decrypts it on its side. In this way, the HTTPS protocol provides a secured sublayer under HTTP.

So if https is more secure, why do websites use http anyway?

One reason is that https costs more. Another reason is that it slows down the website, since it encrypts and decrypts every communication a web user sends or receives.

You can place all websites in three categories:

Least security – These websites use http throughout. Most internet forums will probably fall into this category. Because these are open discussion forums, secured access is generally not required.

Medium security – These websites use https when you sign in (when you enter your id and password) and use http once you are logged in. Google and Yahoo are examples of such sites. MSN (or Hotmail) provides you with an option to use the http or https protocol. You can choose the ‘Use enhanced security’ option for https or the ‘Use standard security’ option for http.

Highest security – These websites use https throughout. Most financial institutions fall into this category. Try logging in to your bank or credit card company’s website, and you will see the https protocol being used throughout.

Tip – Unless you trust the provider, think twice when you enter your password on an http website.