Drew Yeh asks:
How secure is it? Is there a way to tell if the security has been breached? If there’s no set way, are there signs (like slower connection because of an intermediary party)? Not to sound vain and overly concerned with my own life, but is http secure enough for Evernote or your todo list?
HTTP is not secure; it’s plain text. HTTPS adds encryption, and it depends on the strength of the encryption to determine how secure the information being sent is.
You might want to read this article by Raymond.cc:
http://www.raymond.cc/blog/archives/2010/03/09/spying-windows-software-by-sniffing-and-decoding-packets-including-ssl-with-ospy/
Shows how to use oSpy to watch traffic and determine if data being sent is encrypted.
There is a program called Wireshark which analyses packets in and out of your computer. If you log in to a site that does not use HTTPS, you will be able to see your username and password in plain text. So if you see information from another party, you can raise your flags.
But basically, no one is safe on the internet. Somewhere along the lines your information may be captured. For example, in Australia, they are talking about recording every URL you visit or even banning you from the internet if you don’t have antivirus software on your computer.
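What a capture of your own plain-HTTP login contains, as an added example that is not part of the original comments: the script below reads the raw bytes of one request and lists every credential that is readable without any key. The request, host name, user name and password are constructed sample data, and `cleartext_credentials` is a hypothetical helper name.

```python
import base64
from urllib.parse import parse_qsl

# Constructed sample: a login request exactly as it travels over plain HTTP.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Authorization: Basic ZHJldzpodW50ZXIy\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"username=drew&password=hunter2%21"
)

# Substrings that mark a form field as credential-bearing (assumed list).
SENSITIVE = ("pass", "pwd", "secret", "token")


def cleartext_credentials(raw: bytes):
    """Return (where, name, value) for each credential readable in a raw request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = []
    # HTTP Basic auth is only base64-encoded, which is an encoding, not encryption.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            findings.append(("header", "Authorization: Basic", decoded))
        except ValueError:  # malformed base64: nothing to report
            pass
    # URL-encoded form bodies are sent as-is; percent-escapes decode trivially.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            if any(s in key.lower() for s in SENSITIVE):
                findings.append(("form", key, value))
    return findings


if __name__ == "__main__":
    for where, name, value in cleartext_credentials(SAMPLE_REQUEST):
        print(f"readable on the wire [{where}] {name} = {value}")
```

The same request sent over HTTPS would appear in a capture only as encrypted TLS records, so neither finding could be recovered from the bytes alone.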
That sounds a bit harsh. I don’t have antivirus installed right now and haven’t noticed anything odd.
thx for the answers. So I’m guessing I shouldn’t have anything that I don’t want others to see using http. A few questions of confirmation: does an attacker have to target you personally or could it be an attack that happens because they happened to sniff your packets by chance? Do they have to gain access to your computer to analyze the packets? Do they have to gain access to the server you’re sending the packets to?
thx
There are many aspects to security, too many to cover here, but think of it this way: using HTTP is like sending postcards, or shouting to someone across the street. Anyone who has physical access to the conversation (postman, sorter, passerby on the street) can hear what you are up to.
Using HTTPS is like doing the same thing, only in Sumerian (or Mayan or old Egyptian, if you prefer). They would need to figure out what language you were speaking, then learn the language and decipher your conversation. HOWEVER, you’re still doing it in the public domain and it is still conceivable that someone might be able to crack the code, if it’s worth their while.
In short, don’t say anything on HTTP you don’t want someone else to hear (for example, disclosing passwords), but bear in mind that there are risks even when using a ‘secure’ protocol.
I know this is a year old, but what about if the password is encrypted with say MD5? Even if the hacker saw it, would they know what it meant?
Technodude,
as you said yourself, this article is over a year old. If you are still looking for an answer, I recommend asking a new question.