Myth: If I am using an https://-enabled site, all my communication is secure and no one in between can intercept and understand it.
This is a very popular myth. As technology gets into our lives, we start relying on it. We use the internet not only on PCs and desktops but also on tablets and mobiles. We use it in our daily lives, from simple ordinary searches to social e-gatherings, from simple email to online banking. It has become an important medium for our daily mundane tasks.
As we are using it:
- Is it really secure?
- Can we use it without sacrificing our privacy?
- Can we be confident about the confidentiality of our personal information?
- Are we really protected against e-theft?
- For those who want their privacy to be respected while online.
- For those who want their usernames/passwords to be secret.
- For those who are conscious about their e-transactions.
Today I’ll try to explain the scenarios in which https://-enabled communications can be intercepted and understood. First of all, there should be no doubt that your communication with a website can be intercepted. It can be intercepted on your local LAN, at your ISP, and at any location between you and the website. However, the eavesdropper (interceptor) will not be able to get anything out of it, as everything is encrypted with a strong enough algorithm.
Now to the point: how, then, can https:// be insecure? In my last tutorial about the functionality of https://, I talked about certificates, which are used to encrypt everything between the website and the web browser. Now let's see how an eavesdropper can intercept and decrypt your communications:
Let's explain the steps quickly:
- The user requests a website, e.g. www.gmail.com
- The attacker, who is in between, lets the request go to Gmail
- Gmail responds with its certificate; the attacker keeps that certificate and sends the user his/her own certificate
- The user's browser shows a warning asking whether to accept the certificate
- If the user accepts, all communication between the user and the attacker will be encrypted, but with the ATTACKER’s certificate
- The attacker decrypts the traffic, encrypts it again with Google’s certificate and forwards the request to Google
- This way the attacker just decrypts and re-encrypts between the user and Google (the site), which is transparent to both the user and the Google site.
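The warning in the fourth step comes from the checks a browser runs on the certificate it receives. The following is an added example, not code from the original post: a simplified Python model of those checks, showing why a substituted certificate is flagged. The `Cert` record, the CA names and the sample chains are constructed for illustration, and signature verification is assumed to have been done already.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Simplified certificate record (constructed model, not a parsed X.509)."""
    subject: str           # name the certificate was issued to
    issuer: str            # name of the signer
    names: tuple           # DNS names the certificate is valid for
    not_before: datetime
    not_after: datetime

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or one left-most '*' label standing for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def warning_reasons(chain, host, trusted_roots, now):
    """Reasons a browser would warn about chain[0]; empty list means no warning.
    Assumption: every signature in the chain was already verified."""
    reasons = []
    if not any(name_matches(n, host) for n in chain[0].names):
        reasons.append("hostname mismatch")
    for cert in chain:
        if not (cert.not_before <= now <= cert.not_after):
            reasons.append(f"outside validity period: {cert.subject}")
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            reasons.append(f"broken chain at: {child.subject}")
    if chain[-1].issuer not in trusted_roots:
        reasons.append("issuer not in trust store")
    return reasons

# Constructed sample data: one trusted root, the genuine chain, and two
# certificates an interceptor could present instead of the genuine one.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
START, END = (datetime(y, 6, 1, tzinfo=timezone.utc) for y in (2023, 2024))
TRUSTED = {"Example Root CA"}
ISSUING = Cert("Example Issuing CA", "Example Root CA", (), START, END)
GENUINE = [Cert("www.gmail.com", "Example Issuing CA", ("www.gmail.com",), START, END), ISSUING]
SUBSTITUTED = [Cert("www.gmail.com", "www.gmail.com", ("www.gmail.com",), START, END)]
OTHER_SITE = [Cert("other.example", "Example Issuing CA", ("*.other.example",), START, END), ISSUING]

if __name__ == "__main__":
    for chain in (GENUINE, SUBSTITUTED, OTHER_SITE):
        print(chain[0].subject, warning_reasons(chain, "www.gmail.com", TRUSTED, NOW))
```

A self-signed substitute fails the trust-store check, and a properly issued certificate for a different site fails the hostname check, so the interception only succeeds if the user accepts the warning.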
Coming very soon in the next post: how to protect yourself from https:// hijacking.