Big misconceptions about HTTPS are helping to drive the popularity of this kind of connection, and that confusion is no accident.
We are in a time of great change on the web: the familiar HTTP prefix is rapidly being replaced by HTTPS. The HTTPS prefix has been part of the Web for a long time, but it has mostly been used on pages that involve money, such as bank websites, online shopping stores, social networks or Web services like Gmail.
However, sites that still use HTTP are now being encouraged and pushed by both Google and Mozilla to switch to HTTPS quickly. Browsers will label Web pages that use an HTTP connection as "not safe". Google goes even further by giving pages that use an HTTPS connection a higher ranking.
With such efforts, HTTPS is no longer limited to bank and webmail pages; more and more websites use this connection. So what is it about the letter "S" in HTTPS that makes the big players of the Internet feel they must push so hard to spread it?
Does the letter "S" stand for Security (Safety)?
Although browsers are labeling Web pages that use an HTTP connection as not safe, that does not mean an HTTPS site is secure. More precisely, HTTPS only means that your connection is secure; it does not mean that your data stored on the website is safe. In fact, HTTPS has nothing to do with the website itself, the hosting server, or any other data you provide to it.
If HTTPS does not guarantee safety, what exactly does it provide? Briefly, HTTPS brings three things: confidentiality, integrity and authenticity.
- First, the simplest one: confidentiality.
HTTPS uses encryption to make sure no one can see the data transmitted over the wire. When your browser connects to a website via HTTPS, the connection from your browser to the page you want to view is encrypted. That is, whatever data is exchanged will not be visible to anyone snooping on the network.
- The encryption in HTTPS also brings its second feature: integrity.
Jacob Hoffman-Andrews of the EFF (Electronic Frontier Foundation) calls encryption "a small, minimal barrier" for today's Web. "If we were redesigning the Internet from scratch today, encryption would be very inexpensive and easy, with no more export restrictions, so it would be the default and you would not have to worry about it anymore."
Without encryption, anyone with a little skill can monitor your connection and learn everything you request and what the sites return. Not only that, but that person, referred to as the man in the middle (Man-in-the-Middle), can tamper with the stream of data being sent and received. For example, an Internet provider may insert an advertisement into what you are reading to push you to click on it.
And this is not unprecedented. Using a man-in-the-middle technique, Verizon Wireless modified the traffic on its network to create a tracker (it added an HTTP header called X-UIDH) and sent it to every unencrypted web page that Verizon customers visited.
This allowed Verizon, in the words of the EFF, to attach "a permanent record, insight into the user's browsing habits without their consent." Besides Verizon, the Wi-Fi services of Comcast and AT&T did similar things.
What the networks do with this data is anyone's guess, so this may be one of the biggest reasons Google wants the Web to convert to HTTPS connections. With an encrypted HTTPS connection, by contrast, the data being transmitted is very difficult to read. There is no way to read or tamper with the content without the encryption key. This is the second advantage of HTTPS: it ensures that you receive exactly the content your browser requested.
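The header insertion described above can be observed from the server side of a plain-HTTP request. The following Python sketch is an added example, not code from the original article: it compares the headers a client sent with the headers the server received and flags anything added in transit. The request bytes, host name and identifier value are constructed for illustration; only the header name X-UIDH comes from the text.

```python
# Added example: detect headers inserted into a plaintext HTTP request in transit.
# All sample requests below are constructed for illustration.

def parse_headers(raw):
    """Parse the header block of a raw HTTP/1.1 request into {lowercased name: value}.
    Repeated header names keep only the last value, which is enough for this check."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            continue                          # malformed line, ignore it
        headers[name.strip().lower()] = value.strip()
    return headers

def diff_in_transit(sent, received):
    """Compare what the client sent with what the server actually saw."""
    s, r = parse_headers(sent), parse_headers(received)
    return {
        "added": {k: r[k] for k in r.keys() - s.keys()},
        "removed": {k: s[k] for k in s.keys() - r.keys()},
        "changed": {k: (s[k], r[k]) for k in s.keys() & r.keys() if s[k] != r[k]},
    }

# Header named in the article; extend the set with names you have verified yourself.
TRACKING_HEADERS = {"x-uidh"}

def tracking_headers_seen(received):
    """Return the known tracking headers present in a received request."""
    return sorted(TRACKING_HEADERS & parse_headers(received).keys())

# Constructed sample: the request as the client wrote it ...
SENT = (b"GET /echo HTTP/1.1\r\n"
        b"Host: example.test\r\n"
        b"User-Agent: probe/1.0\r\n\r\n")
# ... and the same request as it arrived after crossing an unencrypted network.
RECEIVED = (b"GET /echo HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"User-Agent: probe/1.0\r\n"
            b"X-UIDH: CONSTRUCTED-PLACEHOLDER-ID\r\n\r\n")

if __name__ == "__main__":
    print(diff_in_transit(SENT, RECEIVED))
    print(tracking_headers_seen(RECEIVED))
```

Over HTTPS the same comparison comes back empty, because a network between the browser and the server cannot alter the encrypted request without breaking the connection.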
The encryption in HTTPS brings another benefit as well: it shields browsing from the Internet service provider or the government. As noted above, unencrypted connections make censorship easy: a third party simply interferes with the data flow, or changes what you want to read.
With an encrypted connection, however, a third party cannot monitor or tamper with the content or flow of data. For example, the Russian government wanted to block access to a single article page on Wikipedia, but because Wikipedia uses HTTPS there was no way to know which article a visitor was requesting. The Russian government was then faced with a choice: block all of Wikipedia or nothing at all, and in the end it chose nothing.
The lack of encryption in transit also creates another, greater risk. A network attack brought to light last year showed that sites without HTTPS also create a risk of DDoS attacks that use traffic from users who know nothing about the attack.
This modern attack, the Great Cannon, is, as its name suggests, a very sophisticated one. Somehow, someone took control of a bit of JavaScript served by Baidu, the Chinese search giant, and added an extra payload to it that repeatedly sent requests to two websites that challenge the Chinese government's censorship. Anyone who loaded those scripts while visiting Baidu became part of the attack without knowing it.
The only way to avert a Great Cannon attack, or network tracking like Verizon's, is to encrypt traffic.
- The last thing HTTPS brings is authenticity and credibility.
Your browser confirms that the website you are visiting is the real site and not an imposter. To verify your connection, the Web browser maintains a list of certificates that it knows and that have been assessed as trustworthy.
When your browser loads a page, it receives the page's security certificate, which contains a chain that leads back to the certificate authority that issued it. If that authority matches one the browser already knows and trusts, your browser will trust that the site you are connecting to is what it claims to be.
HTTPS: an expensive shield for Web security
Now you surely know what HTTPS brings: encryption, integrity and authenticity, as well as why banks, Gmail, Facebook, Twitter and many other sites use it. But is HTTPS a perfect, effective shield for today's World Wide Web? Should every website switch to this connection?
Not exactly.
Blogger and developer Dave Winer said in a blog post that "HTTPS is an expensive security theatre." He argues that HTTPS not only does nothing for old websites but also wastes the time of the people who own them. Winer is not the only one: Tim Berners-Lee has also cast doubt on the ability of HTTPS to ensure integrity.
Both emphasize that switching to HTTPS makes setting up a website and creating something new on the Web more complicated, and that it can break links. That is something developers can easily overlook. However, the World Wide Web was built not only by people with developer knowledge, but also by anyone willing to spend a few dollars a month.
Meanwhile, requiring sites to obtain a security certificate is one more significant barrier to entry on the Web. Anyone who has set up HTTPS for a website of their own knows that it is a terrible inconvenience. This seems to be the biggest obstacle to widespread HTTPS for those who operate small websites.
Until recently, there was no way to get an SSL certificate for free (a few certificate issuers provided certificates at no charge, but charged you if you revoked one). However, a number of solutions have come from veteran names in the technology world to solve this problem.
The EFF (Electronic Frontier Foundation) and Mozilla have partnered to create Let's Encrypt, a tool that provides HTTPS certificates for free, similar to Symantec's solutions. It really is free and does not require users to provide demographic information. There is also a collection of command-line tools to make installing and editing certificates as simple as possible.
However, that is not the end. After you get the certificate, you have to install it and configure your web server to work properly with it. Again, assuming you have basic system administration knowledge, this is not too difficult, but refining it until you get an A grade in the SSL Labs security test will take many hours (even Facebook scores only a B in this test).
Simplifying the HTTPS setup process therefore requires many more tools in your tool chain. That makes individuals more dependent on tools built by others. And when individual Web developers have to depend on big companies to solve complex problems, it takes away some of their joy. From then on, they are no longer creators of the Web, simply users.
Beyond that, the way browsers present HTTPS connections today is seriously misleading and should be changed. While HTTP connections are labeled "unsafe" by Mozilla's Firefox and by browsers from the Chromium Project, HTTPS connections are labeled "safe".
This can seriously mislead users. In fact, the browser has no way to know whether a site is really "safe" in the wider sense. Using HTTPS does not mean that the site does not store credit card numbers and passwords as plain text. Nor does it mean that the site has not been hacked to add malicious JavaScript or similar things. As said above, HTTPS only helps ensure that the connection to the site is more secure.
Winer is also particularly concerned about Google, since the company has a financial interest in pushing every web page to switch to HTTPS: HTTPS connections prevent Google's competitors from interfering with its search results. However, for the company to stop downloads and rate sites that use an HTTP connection in order to promote the switch to HTTPS is a serious abuse of its position in the web ecosystem.
But there is clearly no denying the need for encryption on the Web. It is not only users who need it; the network itself needs encryption to ensure its neutrality. Moreover, without encryption, simply browsing the web can turn you into an unwitting helper in a DDoS attack.
Therefore, HTTPS is still a good choice: it gives users greater confidentiality, ensures the integrity of data in transit, provides meaningful authentication, and helps make the network less hostile than it is now. Abuse may still occur and monitoring may still be carried out, but attacks will "move from large numbers to more specific targets" and the network will go back to being a harmless communications pipe.
Reference: Ars Technica










