Hi, this is Wayne again with a topic “Does HTTPS REALLY Keep You Safe?”.
Most web addresses these days start with https, which implies that your connection to the website is secure in some way. So the S that’s what the S stands for, but what exactly is https and how safe is it really keeping you https is a protocol that encrypts information sent over the Internet, specifically the content, that’s traveling between your PC or phone and the server for the website. You’Re viewing without https any of that content such as private messages, payment info or the videos you’re watching, could be intercepted by an attacker or Snoop such as someone with a packet sniffing program connected to the same Wi-Fi network or by an IT administrator monitoring traffic. At your office and yes, there are ways that your employer could still look at your web traffic, such as through a proxy, but I’m sure all of you are on your best behavior on the job, although most websites, these days use https. This wasn’t always the case, but why well it had to do with how security certificates worked? That’S the electronic document used to generate the https encryption. Not only does it contain a public key, but it also enables another important function of https. It lets a user know.
The site that they’re accessing is indeed what the URL says it is, although anyone can make a certificate, it needs to be signed by an organization called a certificate Authority. In order for your browser to recognize it as valid and give you that nice little padlock icon up in the corner, it makes me feel so nice for a certificate authority to sign a certificate. The website owner needs to show that they actually control the domain name. On the certificate, without a certificate Authority signature, the encryption will still technically work if the certificate owner self-signs it.
But the issue is that you, the user at home, won’t know who’s. On the other end of the connection, it could very well be an attacker ready to to steal your data. The problem for a long time was that certificate authorities charged money for this service up to several hundred dollars a year which many site owners just didn’t want to bother with, especially if they were running smaller websites, but nowadays it’s easy to get certificates signed for free. In large part, due to a non-profit Authority, called let’s encrypt, backed by the Electronic Frontier Foundation, as well as several large tech companies and there’s the fact that Chrome started displaying aggressive, looking warnings whenever you visited a site without a certificate signed by a recognized Authority that Got https adopted rolling a bit quicker, but do keep in mind. You won’t see this warning if a site doesn’t use https at all so be sure to glance up at the address bar to see if the site is just using plain HTTP.
So https is now widespread and clearly plays a vital role, but there are also lots of misconceptions about it that have led some folks to believe more of their browsing activity is private than it actually is. We’Ll tell you what https doesn’t do right after we thank Soylent for sponsoring this video Soylent is where science meets, taste, affordability and sustainability. Their nutrient complete formula is a great alternative to skipping a meal, because you just don’t have the time it’s affordable at two to four dollars per serving and it comes in convenient, no prep format with a ton of flavors available.
Our favorite is chocolate. It has everything you would look for in a ready to drink meal even better. They stand by their mission of providing access to good food by giving back nearly 6 million donated meals check them out at the link below today and the first 500 people to use this link and code techwiki 30 will get 30 off their first order. One common misconception is that the https padlock means that you’re connected to a site that you can trust with your personal information. This is definitely not the case. There are plenty of fishing sites whose appearance imitates the legitimate site, but you often can see up in the address bar that the URL doesn’t match the site that you want. So their certificates get signed because the attackers do own that URL they aren’t trying to get a certificate for the real site.
So look at the URL very closely if you suspect, you’re the target of a phishing attack. If you want to be really careful check, the certificate too, as another kind of attack called DNS poisoning, can even return a malicious website with a legitimate looking URL. Another very, very important thing to remember is that https does not encrypt metadata, which includes URLs.
This means that an attacker network, administrator or ISP can still determine which sites you are visiting and, in certain circumstances, even which specific web pages, depending on how the server is configured. So if you’re visiting a site, that’s CD, inappropriate during work hours or whose URL could give away something personal https alone – won’t cover you. But there is some good news here. Encrypted DNS is gaining popularity, which, in layman’s terms, means that the host names of the pages you’re visiting would be encrypted as DNS is the system that looks up.
The actual numerical IP addresses of the site addresses you punch in this makes it significantly harder for an attacker to figure out what sites you were using encrypted. Dns can be enabled in Windows, but not all DNS Services support it and it can be possible to deduce what sites you’re visiting by looking at the IP addresses you’re connecting to. But just like https itself, it’s meant to make life more difficult for snoops, not as a silver bullet to stop every kind of attack. If that existed, someone out, there would probably have a fortune that would put even daddy Bezos to shame, but whatever the opposite of Shame is I’m giving to you right now for watching the whole video hey thanks like it.
If you liked it dislike it, if you disliked it check out our other videos, comment below with video suggestions and don’t forget to subscribe and follow. .