What is HTTPS, and what it isn’t – Security In Your Viewing and Purchasing On The Web

What is HTTPS? HTTPS is a concept that is widely misunderstood among the general populace, and browsers don’t really explain it much!

The “S” of HTTPS, of course, stands for security. This means the site you’re on has a security certificate. What it is, precisely, is a ‘Security Certificate’, or stamp of validation so to speak, from a 3rd party that verifies the fact that all connections between the browser and the server are one on one. In normal browsing, it’s very commonplace to have assets loaded from ‘insecure’ (insecure does NOT necessarily mean dangerous at all, more on this later) resources, because a secure connection is simply not necessary if data isn’t being entered. SSL is used when, say, checking out at a store website.

What is HTTPS verification in relation to Ecommerce and CC Security?

If a store is SSL verified when you pay, an outside resource that issues security certificates (whoever issued your certificate, whether it’s GoDaddy, Bluehost, 1&1 or any other company offering the certificate) has verified the website as safe, and the site has passed automatic and mandated/regulated checks that all resources, including pictures and scripts on the site, are from the website you’re buying from ONLY. So as an example, if you’re buying from johnssite.com, he can’t load scripts from hackersite.com. In our scenario, he’s been hacked through a broad-scale JavaScript injection and doesn’t know about it, but if you’re on https://johnssite.com, http://hackersite wouldn’t be allowed to have scripts on the site. This would “cancel” out the hacking in a sense. This is a very rudimentary explanation/example of a very complex subject.
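Added example, not from the original post: a Python check that lists the subresources of an HTTPS page and marks the ones requested over plain http:// (mixed content), which is the johnssite.com / hackersite case described above. The sample markup, its paths and the host cdn.example.net are constructed; HTTPS resources from other hosts are only labelled, because browsers do not block them as mixed content.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ACTIVE = {"script", "iframe", "link"}           # can run code or restyle the page
PASSIVE = {"img", "audio", "video", "source"}   # display-only content

class SubresourceAudit(HTMLParser):
    """Classify every subresource an HTTPS page asks the browser to fetch."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []                      # (tag, absolute_url, verdict)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                              # only stylesheet links are audited
        ref = attrs.get("href" if tag == "link" else "src")
        if tag not in ACTIVE | PASSIVE or not ref:
            return
        url = urljoin(self.page_url, ref)       # resolves relative and //host forms
        parts = urlsplit(url)
        if parts.scheme == "http":
            # Browsers block active mixed content; passive is upgraded or flagged.
            verdict = "mixed-active" if tag in ACTIVE else "mixed-passive"
        elif parts.scheme != "https":
            return                              # data:, blob: etc. are out of scope
        elif parts.hostname != self.page_host:
            verdict = "third-party-https"       # allowed by the browser; review the host
        else:
            verdict = "same-host-https"
        self.findings.append((tag, url, verdict))

def audit(page_url, html):
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; cdn.example.net is a made-up host.
SAMPLE = """<head><link rel="stylesheet" href="/css/shop.css">
<script src="https://johnssite.com/js/cart.js"></script>
<script src="http://hackersite.com/inject.js"></script>
<script src="//cdn.example.net/lib.js"></script></head>
<body><img src="http://johnssite.com/img/logo.png"></body>"""
if __name__ == "__main__":
    for tag, url, verdict in audit("https://johnssite.com/checkout", SAMPLE):
        print(f"{verdict:18} <{tag}> {url}")
```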

Examples of infection/compromising, what is HTTPS

This is extremely useful in many ways; one that is more prevalent these days is malware that infects through extensions. These extensions slickly install themselves into your Chrome. This happens through shady websites that run insecure resources and install scripts into your browser. These scripts can/will modify the source code of a webpage you’re viewing, which can inject JavaScript into your page and can attempt to capture your personal data, especially if you allow it. If you’re on a page that is HTTPS verified, it will not be verified if you have this malware. This is because the malware will be from a different domain, which is breaking the rules of secure connections. The best way to avoid any of this is to avoid downloading things from shady sites.

If anything sounds too good to be true on the web, such as “FREE IPOD” (we’ve all seen it!), it probably is, and they have a reason for trying to get you to click it. If you follow this way of thinking, it’s easy to avoid malware and the general need for secure sockets. It is suggested to have an HTTPS connection verified if you enter your credit card number on a website.

Why might I not need HTTPS?

The reason for this is that the S means that no information can leak. This is because another source is ‘checking’ that the site follows multiple standards. It’s a validation that you’re following all the rules, but this is only important for stores. It only matters if the data is sensitive; I don’t think many people design their site with getting hacked in mind. So, if it doesn’t matter if it gets hacked, and it has good protection anyway, why would you need a security certificate? You don’t, and this is why it’s not always needed.
HTTPS is a concept that works for SEO and for the trust factor among the general populace.
