S For...

Ashish Vaidya
Published on: February 2012
Remember?? The iconic emblem for the famous fictional superhero - Superman.
No! The following content is NOT about the legendary caped human or alien characters who consummate the gargantuan duty of protecting the common man from the devious miscreants.

It's about securing your online presence and protecting your data in transit. "From whom?" you ask. I don't know if super-powered individuals exist, but miscreants certainly do. They can be anywhere and anyone: maybe me, maybe your next-door neighbour, or perhaps someone else. With billions of people connected to you via the internet, you can never know who is watching you or the traffic from your system. That's why any online financial transaction has to use a secure connection. Even social networking sites like Facebook and Twitter provide an option for secure browsing today.
You might be familiar with the fact that using "https" instead of "http" in the address bar of your web browser makes your online session secure, but what difference does a teeny-weeny 's' make? Most people don't care to find out. Of course, you don't have to be a mechanic to drive a car, but knowing a few intrinsic details doesn't hurt and can be of great help in unusual situations.

Hyper Text Transfer Protocol Secure, or HTTP over SSL, commonly known as HTTPS, is a blend of Hyper Text Transfer Protocol (HTTP) and the Secure Socket Layer (SSL) protocol. It provides encrypted communication and secure identification of a network web server. You can tell that you are connected to a secure URL if the string in your address bar begins with https://.

You can also see a padlock icon in address bar or status bar of your browser indicating the use of secure protocol. When a user connects to a website using HTTPS, all the communication that happens over that session between your browser and the webserver travels in encrypted form. It works in the following manner:
  1. First, your browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting. If the website does not provide a proper certificate, the browser displays a warning.
  2. Then it determines the encryption types that the browser and the web server can both use to understand each other.
  3. The browser and the server send each other public keys to use when encrypting the information that will be sent. Information encrypted with the server's public key can be decrypted only with the corresponding private key held by the server. The same holds good for the browser as well.
  4. The browser and the server start talking using the encryption, the browser shows the encryption (padlock) icon, and web pages are processed securely.

Encryption is a vast topic in itself. You may discover more about it on your own. Perhaps I shall touch upon it in simple words some other time.

The world is not perfect and neither is HTTPS. Unfortunately, it is still feasible for some attackers to break even HTTPS. Attacks keep evolving and so do the security mechanisms. The effectiveness of HTTPS can be limited by poor browser or server software implementation or a lack of support for some algorithms.
Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination, it is only as secure as the host computer.

On your end, the least you can do is make sure that your browser is updated with the latest security updates. You may also verify that the website is using the latest SSL, i.e. Version 3.0. Beware of SSL Version 2.0, as it is known to have a number of security flaws. You may check the SSL configuration details for a website at https://www.ssllabs.com/ssldb/index.html or http://www.serversniff.net/content.php?do=ssl
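The certificate check, the negotiation step and the protocol-version check described above can also be reproduced from a script. This is an added example, not part of the original article; it uses Python's standard `ssl` module, and the function names, the 128-bit and 30-day thresholds, and the choice to flag SSL 3.0 and TLS 1.0/1.1 alongside SSL 2.0 (all deprecated since the article was written) are assumptions of the example.

```python
import socket
import ssl
import sys
import time

# Names as returned by SSLSocket.version(). Treating these as legacy is this
# example's policy: SSL 2.0 per the article, the others deprecated since.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def strict_context():
    """Step 1: accept only certificates that chain to a system CA and match the host."""
    ctx = ssl.create_default_context()   # loads the system's trusted CA roots
    ctx.check_hostname = True            # name in the certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED  # an untrusted certificate aborts the handshake
    return ctx


def assess(protocol, cipher_bits, not_after, now):
    """Turn the negotiated parameters into a list of findings (empty means fine)."""
    findings = []
    if protocol in LEGACY:
        findings.append(f"legacy protocol {protocol}")
    if cipher_bits < 128:
        findings.append(f"weak cipher ({cipher_bits}-bit)")
    days = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days < 30:
        findings.append(f"certificate expires in {days} days")
    return findings


def inspect(host, port=443, timeout=5):
    """Run the handshake against a live server; returns (summary, findings)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                name, _, bits = tls.cipher()   # step 2: the agreed cipher suite
                cert = tls.getpeercert()       # step 1: the verified certificate
                proto = tls.version()          # negotiated protocol version
    except ssl.SSLCertVerificationError as exc:  # the case behind a browser warning
        return f"{host}: certificate rejected", [exc.verify_message]
    except OSError as exc:                       # includes other ssl.SSLError cases
        return f"{host}: handshake failed", [str(exc)]
    return f"{host}: {proto}, {name}", assess(proto, bits, cert["notAfter"], time.time())


if __name__ == "__main__" and len(sys.argv) > 1:
    print(*inspect(sys.argv[1]), sep="\n")
```

Run it with a hostname as the only argument; a server that offers only protocols the local OpenSSL build refuses shows up as "handshake failed" rather than as a legacy-protocol finding.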
As they say, personal security is your responsibility. So, remember S for secure whenever you are online and feel free to use its powers to protect yourself from wrongdoers.
By the way, don't forget S for Smile.