Andrew Yeh asks:
I know to protect against man-in-the-middle attacks, you’re supposed to use https, but there are some sites that just don’t work with it. Is there some way to secure sites with http?
Know someone who can answer? Share the question with your friends!
Hide 8 Comments
Andrew,
we recently had a similar question: How I can surf the internet always using a secure SSL connection?
You could try HTTPS Everywhere.
Tina,
thx for the answer. However, if you have to use http (as noted in the answer to one of the questions, https must be provided), is there any way to secure them? Use a VOP? Use a proxy?
thx
This is like the third question about this and I am not sure why.
If you read my answers in that post Tina mentioned, you will get a better understanding. If HTTPS isn’t provided by the site your visiting, you can only use HTTP. Read my comments for more of an understanding.
Jack Cola,
Sorry if I’m asking a bad question: I don’t understand how the internet works. But I thought my question was different from the last one. The past question asked if it was possible to surf everywhere with https. I know it isn’t possible. However, does this mean there’s no local answer? So a secured, wired connection and a secure DNS doesn’t secure you against man-in-the-middle attacks? That was my question: is there a way to secure my computer against these attacks?
Sorry if this was a bad question.
thx.
The internet is basically a collection of computers that are all connected to each other. When you visit a website, your computer (the client) connects to the server, the web server then sends the information back to you and your web browser displays it.
There are numinous protocols that can be used such as HTTP, HTTPS, FTP to name the most common ones.
A DNS converts a domain name such as makeuseof.com to an IP address. Computers all talk to each other using IP address – each computer has one and we are running out, thus for IPv6 (we’re currently using IPv4). Domain names are only used because it’s easier for us to remember words then numbers.
Read 0ron answer for a great example between HTTP and HTTPS and hopefully you will understand it a bit better. http://www.makeuseof.com/answers/secure-http/#comment-58293510
If it’s encrypted (HTTPS), people can only decrypt what you say.
But if you are worried about attacks, get a good antivirus program and firewall. I don’t have AV installed on my computer, and never had a virus (touch wood)
But if someone does get your password, it’s as simple as changing it. I am not to fussed on using http and https. If https is available, I would use it over http. I am more worried about logging on to a site on another computer apart from my own such as work, uni, school, friends, library, internet cafe as who knows, they may have viruses or keyloggers installed.
You may find this interesting as well http://www.youtube.com/watch?v=2fP-j4XCuFs
Andrew,
There are many waus to secure yourself. First of all if you have an up to date <a antivirus, operating system and firewall you should be fine.
- The 10 Best Free Anti-Virus Programs
- The Three Best Free Firewalls for Windows
Firefox users may also install a NoScipt addon that blocks all on-page scripts. See, 10+ Best Firefox Security and Privacy Addons.
Anti-virus and firewalls and noscript implies that the problem are local: that if you block viruses and other malicious programs from coming in, http is secure. Is that true?
Well doing that will help prevent you from getting a virus or spyware. And if those programs listen in to what you are saying (or transferring across the internet) then yes, it will be more securer – but you still won’t get full protection.
If a hacker is specifically targeting you, then all you can do is protect yourself, but the odds are for someone to listen in to just you is very low unless your computer is compromised by a virus already and it just logs your actions for something interesting.