How do you know if your information is secure?
Justin Denton
• justindenton@mac.com
• http://www.libchalk.com
• LinkedIn: https://www.linkedin.com/in/justindenton1
• Twitter: @cyberdenton
What we’re covering today…
• What HTTPS is.
• How HTTPS functions.
• Where to get an SSL certificate?
• Why HTTPS?
• How to enable HTTPS.
• Where should HTTPS be implemented?
• Communication and Training
• Best Practices & Tips.
What is HTTPS?
• HTTP is how a Web Server communicates with Web Browsers.
• HTTPS is secure communication between a Web Server and Web Browsers.
Founded
• Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser. Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), the current version of HTTPS was formally specified by RFC 2818 in May 2000.
What type of sites have you been to that use HTTPS?
What does HTTPS Do?
• HTTPS verifies the identity of a website and encrypts nearly all information sent between the website and the user.
• Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters.
• HTTPS is a combination of HTTP and Transport Layer Security (TLS).
• Browsers and other HTTPS clients are configured to trust a set of certificate authorities that can issue cryptographically signed certificates on behalf of web service owners.
What Doesn’t HTTPS Do?
• HTTPS has several important limitations.
• IP addresses and destination domain names are not encrypted.
• Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
• HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves.
• It is not designed to protect a web server from being hacked.
• If a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control.
Using HTTPS…
• The two computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.
• They use the "code" over Secure Sockets Layer (SSL), now succeeded by Transport Layer Security (TLS), to send the information back and forth.
How can you make your site Secure?
• Utilize a security certificate called an SSL certificate.
• SSL = Secure Sockets Layer
• SSL certification assures website visitors that you are the owner of the website and that the information is secured using an SSL certificate authority.
• Free SSL: https://letsencrypt.org/
Who needs an SSL Certificate?
Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:
• Logins and Passwords
• Financial Information (e.g., credit card numbers, bank accounts)
• Personal data (e.g., names, addresses, social security numbers, birth dates)
• Proprietary information
• Legal documents and contracts
• Client lists
• Medical records
Question
• You click to check out at an online merchant. Suddenly your browser address bar says HTTPS instead of HTTP. What's going on? Is your credit card information safe?
Answer
• Good news. Your information is safe. The website you are working with has made attempts to ensure that no one can steal your information.
How HTTPS works…
Why HTTPS?
Has anyone ever been a Victim?
Why HTTPS?
• Prevents hackers from watching what you do over the Internet
• Encrypts data
• Keeps stuff private
• Keeps you safe
• Prevents people from tracking your internet activity
• An unencrypted HTTP request reveals information about a user’s behavior.
The HTTP protocol does not protect data from interception or alteration.
Why?
• Chosen as a good place to put an international message
• Posting click-baity articles and spam
• Posting a political message
• Holding for ransom
• Fun / competition
• Money
• Stealing personal info
• No reason at all.
A high percentage of people have fallen victim.
More than 1 in 10 on average in the US.
10 Million affected in 2008
How are they getting in?
• Insecure POP3 email servers
• Public Wi-Fi that is not secure
• HTTPS not being used on the sites that you are accessing
• No anti-spyware / anti-virus software installed (or out of date)
• User base not aware
Does HTTPS Solve all my worries?
• A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Blackhat Conference 2009.
• This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link.
http://tinyurl.com/JDHTTPS
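The defender's side of the SSL-stripping slide, as an added example (not from the slides): the two server settings that limit the attack are redirecting every plain-HTTP request to https:// and sending an HTTP Strict Transport Security (HSTS) header so browsers that have seen the site refuse plain HTTP afterwards. The script grades a site from its raw responses; the host name and the responses are constructed for the demonstration.

```python
from urllib.parse import urlparse

ONE_YEAR = 31536000  # seconds; the minimum HSTS max-age worth relying on


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, {lower-case header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def redirects_to_https(status: int, headers: dict, host: str) -> bool:
    """True if the plain-HTTP answer sends the browser to https:// on the same host."""
    if status not in (301, 302, 307, 308):
        return False
    target = urlparse(headers.get("location", ""))
    return target.scheme == "https" and target.hostname == host


def hsts_policy(headers: dict):
    """Return (max_age_seconds, include_subdomains) from the HSTS header, or None."""
    value = headers.get("strict-transport-security")
    if value is None:
        return None
    max_age, subdomains = 0, False
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        key = key.lower()
        if key == "max-age" and val.isdigit():
            max_age = int(val)
        elif key == "includesubdomains":
            subdomains = True
    return max_age, subdomains


def grade(host: str, http_raw: str, https_raw: str) -> list:
    """List the missing defences against SSL stripping; empty means both are in place."""
    findings = []
    status, headers = parse_response(http_raw)
    if not redirects_to_https(status, headers, host):
        findings.append("port 80 does not redirect to https://")
    status, headers = parse_response(https_raw)
    policy = hsts_policy(headers)
    if policy is None:
        findings.append("no Strict-Transport-Security header")
    elif policy[0] < ONE_YEAR:
        findings.append("HSTS max-age shorter than one year")
    return findings


# Constructed sample responses for the made-up host shop.example (not captured traffic).
WEAK_HTTP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>..."
WEAK_HTTPS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>..."
GOOD_HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
             "Location: https://shop.example/\r\n\r\n")
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
              "Content-Type: text/html\r\n\r\n<html>...")

if __name__ == "__main__":
    print(grade("shop.example", WEAK_HTTP, WEAK_HTTPS))  # two findings
    print(grade("shop.example", GOOD_HTTP, GOOD_HTTPS))  # []
```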
Recovering from a loss of identity or being a victim of information theft can be a PAINFUL process.
Enabling HTTPS…
• Things you need to do…
• Enable HTTPS on your Web Server
• Easy for public hosting companies such as GoDaddy
• Harder if you run your own (recommend engaging an IT expert)
• Hosted sites are click and pay.
• Some configuration may be needed.
• Hosting providers will have specific documentation on how to configure.
• Provider dependent
• Test your site after implementing
• Look for the browser lock
What’s your responsibility?
• Provide a safe and secure environment for your customers
• Implement & test Internet security measures
• Register and maintain an SSL Certificate
• Educate your customers
How to stay secure?
Take Preventative Measures…
Does anyone in attendance do anything to protect themselves while online?
How can you be secure?
• Be aware when putting data “YOU” want to protect into a non-HTTPS (unsecured) site
• Have anti-virus software installed and updated
• Don’t go to suspicious sites
• Utilize a private VPN
• Make sure you use encrypted apps
• Use a password manager
How can you be secure? Cont’d…
• Remember to be on the “CORRECT” site. HTTPS doesn’t mean that the site is secure from hackers; it just means that the data you enter onto the site is encrypted and protected from others that could potentially see it.
• If you go to a hacker's site with HTTPS, your data is secure, but only secure between you and the hacker.
How is the Government handling this?
• The HTTPS-Only Standard
• Memorandum M-15-13, “A Policy to Require Secure Connections across Federal Websites and Web Services”
Best Practices…
• SSL Certificates
• Keep track of when they expire.
• Ensure you renew on time.
• Understand that HTTPS runs on Port 443 & HTTP runs on Port 80. (What does this mean?)
• Modify firewall settings
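An added example (not from the slides) for the "keep track of when they expire" point: Python's ssl module hands back the server certificate as a dict whose notAfter field holds the expiry date, and the code below turns that into days remaining and checks that the certificate actually covers the host name, so a scheduled job can warn before renewal is due. fetch_peer_cert needs network access and connects to port 443; the sample certificate dict and the example.org host names are constructed.

```python
import socket
import ssl
import time
from typing import Optional

WARN_DAYS = 30  # warn when this many days or fewer remain


def fetch_peer_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect over TLS with chain and hostname verification; return the peer certificate.

    Needs network access; everything else in this file works offline.
    """
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def expiry_timestamp(cert: dict) -> float:
    """POSIX timestamp of notAfter, which getpeercert() gives as e.g. 'Jun  1 12:00:00 2025 GMT'."""
    return ssl.cert_time_to_seconds(cert["notAfter"])


def days_left(cert: dict, now: Optional[float] = None) -> int:
    """Whole days until expiry; negative once the certificate has expired."""
    if now is None:
        now = time.time()
    return int((expiry_timestamp(cert) - now) // 86400)


def covers_host(cert: dict, hostname: str) -> bool:
    """True if a DNS entry in subjectAltName matches hostname (one-label wildcards only)."""
    host = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if (name.startswith("*.") and host.endswith(name[1:])
                and host.count(".") == name.count(".")):
            return True
    return False


def check_cert(cert: dict, hostname: str, now: Optional[float] = None) -> str:
    """Summarise a certificate as 'ok', 'renew soon', 'expired' or 'wrong host'."""
    if not covers_host(cert, hostname):
        return "wrong host"
    remaining = days_left(cert, now)
    if remaining < 0:
        return "expired"
    if remaining <= WARN_DAYS:
        return "renew soon"
    return "ok"


# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.example.org")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    day = 86400
    deadline = expiry_timestamp(SAMPLE_CERT)
    print(check_cert(SAMPLE_CERT, "www.example.org", deadline - 100 * day))   # ok
    print(check_cert(SAMPLE_CERT, "shop.example.org", deadline - 10 * day))   # renew soon
    print(check_cert(SAMPLE_CERT, "www.example.org", deadline + day))         # expired
    print(check_cert(SAMPLE_CERT, "example.org", deadline - 100 * day))       # wrong host
```

For a live check, replace SAMPLE_CERT with fetch_peer_cert("your-host") and leave now at its default.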
Communication & Training
• Building strategies for communication & training to consumers
• Continue to inform
• Have security awareness programs for employees and consumers
• Have a Cyber-Safety Month
• Other ideas?
What should you remember?
• There are obvious instances in which this type of secure connection is a must:
  • Transfer of Personally Identifiable Information
  • Transfer of transaction data in e-commerce
  • Transfer of any other sensitive data
• The actual act of securing a website is a very complex process.
• HTTPS does not stop attackers from hacking a website, web server or network.
• It will not stop an attacker from exploiting software vulnerabilities or brute forcing your access controls, and it will not ensure your website's availability by mitigating Distributed Denial of Service (DDoS) attacks.
Remember…
HTTPS

More Related Content

What's hot

Network Security
Network Security Network Security
Network Security
Abdul Qadir Pattal
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Edwin A. Opare
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
Sandro Gauci
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
Kalpesh Kalekar
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
Santhosh Prabhu
 
Internet Securities Issues
Internet Securities IssuesInternet Securities Issues
Internet Securities Issues
Om Prakash Mishra
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
Pawel Rzepa
 
Phishing
PhishingPhishing
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPS
NetProtocol Xpert
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction &  Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction &  Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
OWASP Delhi
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
Steganography
SteganographySteganography
Steganography
Divam Goyal
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request Forgery
Tony Bibbs
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
Cybersecurity Education and Research Centre
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
Raza_Abidi
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
Parth Makadiya
 

What's hot (20)

Network Security
Network Security Network Security
Network Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
 
Internet Securities Issues
Internet Securities IssuesInternet Securities Issues
Internet Securities Issues
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
 
Phishing
PhishingPhishing
Phishing
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPS
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction &  Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction &  Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Steganography
SteganographySteganography
Steganography
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request Forgery
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
Owasp zap
Owasp zapOwasp zap
Owasp zap
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
 

Viewers also liked

How to Insert your Library into the mobile sharing economy
How to Insert your Library into the mobile sharing economyHow to Insert your Library into the mobile sharing economy
How to Insert your Library into the mobile sharing economy
Justin Denton
 
Leveraging Cloud Based Technology to Increase Productivity
Leveraging Cloud Based Technology to Increase ProductivityLeveraging Cloud Based Technology to Increase Productivity
Leveraging Cloud Based Technology to Increase Productivity
Justin Denton
 
Automating with the Internet of Things
Automating with the Internet of ThingsAutomating with the Internet of Things
Automating with the Internet of Things
Justin Denton
 
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
Justin Denton
 
Mesh Networks
Mesh NetworksMesh Networks
Mesh Networks
Justin Denton
 
Leveraging Cloud Based Technologies for Increased Team Productivity
Leveraging Cloud Based Technologies for Increased Team ProductivityLeveraging Cloud Based Technologies for Increased Team Productivity
Leveraging Cloud Based Technologies for Increased Team Productivity
Justin Denton
 
6 Ways to Improve Employee Engagement and Create a Culture of Learning
6 Ways to Improve Employee Engagement and Create a Culture of Learning6 Ways to Improve Employee Engagement and Create a Culture of Learning
6 Ways to Improve Employee Engagement and Create a Culture of Learning
BizLibrary
 
Arvin Air Systems Inc.-President
Arvin Air Systems Inc.-PresidentArvin Air Systems Inc.-President
Arvin Air Systems Inc.-PresidentErika Kadar
 
Transforming Our Vision to Enhance Library Services
Transforming Our Vision to Enhance Library ServicesTransforming Our Vision to Enhance Library Services
Transforming Our Vision to Enhance Library Services
St. Petersburg College
 
S.M.A.R.T Goals setting
S.M.A.R.T Goals setting S.M.A.R.T Goals setting
S.M.A.R.T Goals setting
Nisreen Mohammad
 
2015 Technology Trends to Watch
2015 Technology Trends to Watch2015 Technology Trends to Watch
2015 Technology Trends to Watch
St. Petersburg College
 
Setting goals
Setting goals Setting goals
Setting goals jonchung
 
Are You Afraid of Setting Goals?
Are You Afraid of Setting Goals?Are You Afraid of Setting Goals?
Are You Afraid of Setting Goals?
George Hutton
 
7 Programación Web con .NET y C#
7 Programación Web con .NET y C#7 Programación Web con .NET y C#
7 Programación Web con .NET y C#
guidotic
 
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
Libraries Do Matter: Enhancing Traditional Services with Library 2.0Libraries Do Matter: Enhancing Traditional Services with Library 2.0
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
St. Petersburg College
 
Semillas Maquel 6 05
Semillas Maquel 6 05Semillas Maquel 6 05
Semillas Maquel 6 05
guest255f8a
 
Do you have a DR plan in place: so, don't let a disaster defeat your business
Do you have a DR plan in place: so, don't let a disaster defeat your businessDo you have a DR plan in place: so, don't let a disaster defeat your business
Do you have a DR plan in place: so, don't let a disaster defeat your business
Velocity Technology Solutions
 

Viewers also liked (20)

How to Insert your Library into the mobile sharing economy
How to Insert your Library into the mobile sharing economyHow to Insert your Library into the mobile sharing economy
How to Insert your Library into the mobile sharing economy
 
Leveraging Cloud Based Technology to Increase Productivity
Leveraging Cloud Based Technology to Increase ProductivityLeveraging Cloud Based Technology to Increase Productivity
Leveraging Cloud Based Technology to Increase Productivity
 
Automating with the Internet of Things
Automating with the Internet of ThingsAutomating with the Internet of Things
Automating with the Internet of Things
 
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
 
Mesh Networks
Mesh NetworksMesh Networks
Mesh Networks
 
Leveraging Cloud Based Technologies for Increased Team Productivity
Leveraging Cloud Based Technologies for Increased Team ProductivityLeveraging Cloud Based Technologies for Increased Team Productivity
Leveraging Cloud Based Technologies for Increased Team Productivity
 
Minicarros antigos
Minicarros antigosMinicarros antigos
Minicarros antigos
 
6 Ways to Improve Employee Engagement and Create a Culture of Learning
6 Ways to Improve Employee Engagement and Create a Culture of Learning6 Ways to Improve Employee Engagement and Create a Culture of Learning
6 Ways to Improve Employee Engagement and Create a Culture of Learning
 
Arvin Air Systems Inc.-President
Arvin Air Systems Inc.-PresidentArvin Air Systems Inc.-President
Arvin Air Systems Inc.-President
 
Transforming Our Vision to Enhance Library Services
Transforming Our Vision to Enhance Library ServicesTransforming Our Vision to Enhance Library Services
Transforming Our Vision to Enhance Library Services
 
S.M.A.R.T Goals setting
S.M.A.R.T Goals setting S.M.A.R.T Goals setting
S.M.A.R.T Goals setting
 
setting goals
setting goals setting goals
setting goals
 
2015 Technology Trends to Watch
2015 Technology Trends to Watch2015 Technology Trends to Watch
2015 Technology Trends to Watch
 
Setting goals
Setting goals Setting goals
Setting goals
 
Are You Afraid of Setting Goals?
Are You Afraid of Setting Goals?Are You Afraid of Setting Goals?
Are You Afraid of Setting Goals?
 
7 Programación Web con .NET y C#
7 Programación Web con .NET y C#7 Programación Web con .NET y C#
7 Programación Web con .NET y C#
 
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
Libraries Do Matter: Enhancing Traditional Services with Library 2.0Libraries Do Matter: Enhancing Traditional Services with Library 2.0
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
 
Semillas Maquel 6 05
Semillas Maquel 6 05Semillas Maquel 6 05
Semillas Maquel 6 05
 
IYC12 - Setting Goals
IYC12 - Setting GoalsIYC12 - Setting Goals
IYC12 - Setting Goals
 
Do you have a DR plan in place: so, don't let a disaster defeat your business
Do you have a DR plan in place: so, don't let a disaster defeat your businessDo you have a DR plan in place: so, don't let a disaster defeat your business
Do you have a DR plan in place: so, don't let a disaster defeat your business
 

Similar to HTTPS

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dumindu Pahalawatta
 
Cryptography
CryptographyCryptography
Cryptography
TanviGogri
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
Mukesh Singh
 
Https
HttpsHttps
HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??
SEONetsolITSolutions
 
Session hijacking
Session hijackingSession hijacking
Session hijacking
Pushpinder Singh Joshi
 
Privacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxPrivacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla Firefox
Abhiram Ravikumar
 
Https presentation
Https presentationHttps presentation
Https presentation
patel jatin
 
ITFT - Web security
ITFT - Web securityITFT - Web security
ITFT - Web security
Blossom Sood
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )
Monique Jones
 
WordPress and SSL
WordPress and SSLWordPress and SSL
WordPress and SSL
Chris Burgess
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
Real Estate
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
Jezer Arces
 
Internet .ppt
Internet .pptInternet .ppt
Internet .ppt
Trust Odia
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protection
dcervigni
 
HTTP cookie hijacking in the wild: security and privacy implications
HTTP cookie hijacking in the wild: security and privacy implicationsHTTP cookie hijacking in the wild: security and privacy implications
HTTP cookie hijacking in the wild: security and privacy implications
Priyanka Aash
 
Dublin Blockchain Group
Dublin Blockchain GroupDublin Blockchain Group
Dublin Blockchain Group
AWH
 
Web security
Web securityWeb security
Web security
truong nguyen
 
Block chains and crypto currencies - introduction
Block chains and crypto currencies - introductionBlock chains and crypto currencies - introduction
Block chains and crypto currencies - introduction
Initio
 

Similar to HTTPS (20)

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Cryptography
CryptographyCryptography
Cryptography
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
 
Https
HttpsHttps
Https
 
HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??
 
Session hijacking
Session hijackingSession hijacking
Session hijacking
 
Privacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxPrivacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla Firefox
 
Https presentation
Https presentationHttps presentation
Https presentation
 
ITFT - Web security
ITFT - Web securityITFT - Web security
ITFT - Web security
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )
 
WordPress and SSL
WordPress and SSLWordPress and SSL
WordPress and SSL
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
 
Internet .ppt
Internet .pptInternet .ppt
Internet .ppt
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protection
 
HTTP cookie hijacking in the wild: security and privacy implications
HTTP cookie hijacking in the wild: security and privacy implicationsHTTP cookie hijacking in the wild: security and privacy implications
HTTP cookie hijacking in the wild: security and privacy implications
 
Dublin Blockchain Group
Dublin Blockchain GroupDublin Blockchain Group
Dublin Blockchain Group
 
Web security
Web securityWeb security
Web security
 
Block chains and crypto currencies - introduction
Block chains and crypto currencies - introductionBlock chains and crypto currencies - introduction
Block chains and crypto currencies - introduction
 

Recently uploaded

The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf
CarlosHernanMontoyab2
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Po-Chuan Chen
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 

Recently uploaded (20)

The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
The Challenger.pdf DNHS Official Publication

HTTPS

  • 1. How do you know if your information is secure?
  • 3. Justin Denton
    • justindenton@mac.com
    • http://www.libchalk.com
    • LinkedIn: https://www.linkedin.com/in/justindenton1
    • Twitter: @cyberdenton
  • 4. What we’re covering today…
    • What HTTPS is.
    • How HTTPS functions.
    • Where to get SSL certificates.
    • Why HTTPS?
    • How to enable HTTPS.
    • Where should HTTPS be implemented?
    • Communication and training.
    • Best practices & tips.
  • 5. What is HTTPS?
    • HTTP is how a web server communicates with web browsers.
    • HTTPS is secure communication between a web server and web browsers.
  • 6. Founded
    • Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.[40] Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), the current version of HTTPS was formally specified by RFC 2818 in May 2000.
  • 7. What type of sites have you been to that use HTTPS?
  • 8. What does HTTPS do?
    • HTTPS verifies the identity of a website and encrypts nearly all information sent between the website and the user.
    • Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters.
    • HTTPS is a combination of HTTP and Transport Layer Security (TLS).
    • Browsers and other HTTPS clients are configured to trust a set of certificate authorities that can issue cryptographically signed certificates on behalf of web service owners.
  • 9. What doesn’t HTTPS do?
    • HTTPS has several important limitations.
    • IP addresses and destination domain names are not encrypted.
    • Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
    • HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves.
    • It is not designed to protect a web server from being hacked.
    • If a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control.
  • 10. Using HTTPS…
    • The two computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.
    • They use the "code" on a Secure Sockets Layer (SSL), or its successor, Transport Layer Security (TLS), to send the information back and forth.
  • 11. How can you make your site secure?
    • Use a security certificate called an SSL certificate.
    • SSL = Secure Sockets Layer.
    • An SSL certificate assures website visitors that you are the owner of the website and that the information is secured through an SSL certificate authority.
    • Free SSL: https://letsencrypt.org/
  • 12. Who needs an SSL certificate?
    • Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:
    • Logins and passwords
    • Financial information (e.g., credit card numbers, bank accounts)
    • Personal data (e.g., names, addresses, social security numbers, birth dates)
    • Proprietary information
    • Legal documents and contracts
    • Client lists
    • Medical records
  • 13. Question
    • You click to check out at an online merchant. Suddenly your browser address bar says HTTPS instead of HTTP. What's going on? Is your credit card information safe?
  • 14. Answer
    • Good news. Your information is safe. The website you are working with has made attempts to ensure that no one can steal your information.
  • 17. Has anyone ever been a victim?
  • 18. Why HTTPS?
    • Prevents hackers from watching what you do over the Internet
    • Encrypts data
    • Keeps stuff private
    • Keeps you safe
    • Prevents people from tracking your Internet activity
    • An unencrypted HTTP request reveals information about a user’s behavior. The HTTP protocol does not protect data from interception or alteration.
  • 20. Why?
    • Chosen as a good place to put an international message
    • Posting click-baity articles and spam
    • Posting a political message
    • Holding for ransom
    • Fun / competition
    • Money
    • Stealing personal info
    • No reason at all.
  • 21. A high percentage of people have fallen victim: more than 1 in 10 on average in the US.
  • 23. How are they getting in?
    • Insecure POP3 email servers
    • Public Wi-Fi that is not secure
    • HTTPS not being used on sites you are accessing
    • No anti-spyware / anti-virus software installed (or out of date)
    • User base not aware
  • 24. Does HTTPS solve all my worries?
    • A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Black Hat conference in 2009.
    • This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link.
  • 25. http://tinyurl.com/JDHTTPS
    • Recovering from a loss of identity or being a victim of information theft can be a PAINFUL process.
  • 26. Enabling HTTPS…
    • Things you need to do…
    • Enable HTTPS on your web server.
    • Easy for public hosting companies such as GoDaddy.
    • Harder if you run your own (recommend engaging an IT expert).
    • Hosted sites are click and pay.
    • Some configuration may be needed.
    • Hosting providers will have specific documentation on how to configure it.
    • Provider dependent.
    • Test your site after implementing.
    • Look for the browser lock.
  • 27. What’s your responsibility?
    • Provide a safe and secure environment for your customers
    • Implement & test Internet security measures
    • Register and maintain an SSL certificate
    • Educate your customers
  • 28. How to stay secure? Take preventative measures…
  • 29. Does anyone in attendance do anything to protect themselves while online?
  • 30. How can you be secure?
    • Be aware when entering data “YOU” want to protect into a site that is not secured with HTTPS
    • Have anti-virus software installed and updated
    • Don’t go to suspicious sites
    • Use a private VPN
    • Make sure you use encrypted apps
    • Use a password manager
  • 31. How can you be secure? Cont’d…
    • Remember to be on the “CORRECT” site. HTTPS doesn’t mean that the site is secure from hackers; it just means that the data you enter on the site is encrypted and protected from others who could potentially see it.
    • If you go to a hacker’s site over HTTPS, your data is secure, but only between you and the hacker.
  • 32. How is the Government handling this?
    • The HTTPS-Only Standard
    • Memorandum M-15-13, “A Policy to Require Secure Connections across Federal Websites and Web Services”
  • 33. Best practices…
    • SSL certificates: keep track of when they expire, and ensure you renew on time.
    • Understand that HTTPS runs on port 443 and HTTP runs on port 80. (What does this mean?)
    • Modify firewall settings accordingly.
  • 34. Communication & training
    • Build strategies for communication & training to consumers
    • Continue to inform
    • Have security awareness programs for employees and consumers
    • Have a Cyber-Safety Month
    • Other ideas?
  • 35. What should you remember?
  • 36. Remember…
    • There are obvious instances in which this type of secure connection is a must: transfer of Personally Identifiable Information, transfer of transaction data in e-commerce, and transfer of any other sensitive data.
    • The actual act of securing a website is a very complex process.
    • HTTPS does not stop attackers from hacking a website, web server or network.
    • It will not stop an attacker from exploiting software vulnerabilities or brute-forcing your access controls, nor will it ensure your website’s availability by mitigating Distributed Denial of Service (DDoS) attacks.
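Slide 33 asks you to track certificate expiry and to know that HTTPS lives on port 443. The following is an added Python example, not code from the deck: it computes days to expiry from the dictionary shape `getpeercert()` returns and shows how to fetch that certificate from a live server on port 443. `SAMPLE_CERT` is a constructed sample with a placeholder hostname, and the 30-day warning window is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# not a real certificate, and the hostname is a placeholder.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def days_until_expiry(cert, now=None):
    """Whole days left before notAfter (negative once expired); `now` is a Unix timestamp."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])  # parses the GMT date string
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    return int((expires - now) // 86400)


def renewal_status(cert, warn_days=30, now=None):
    """Classify as 'ok', 'renew-soon' or 'expired'; warn_days is a lead time chosen here."""
    left = days_until_expiry(cert, now)
    if left < 0:
        return "expired"
    if left <= warn_days:
        return "renew-soon"
    return "ok"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch the certificate a live server presents on the HTTPS port (443).

    The default context validates the chain against the system CA store and
    checks the hostname before any application data is exchanged.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # 2024-12-15 00:00:00 UTC as a fixed "now" so the run is reproducible.
    print(days_until_expiry(SAMPLE_CERT, now=1734220800),
          renewal_status(SAMPLE_CERT, now=1734220800))  # 17 renew-soon
```

Running `renewal_status(fetch_peer_cert("your-host"))` on a schedule gives the expiry tracking the slide asks for.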

Editor's Notes

  1. HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit. HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network. Browsers and other HTTPS clients are configured to trust a set of certificate authorities [2] that can issue cryptographically signed certificates on behalf of web service owners. These certificates communicate to the client that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This prevents unknown or untrusted websites from masquerading as a Federal website or service.
  2. What HTTPS doesn’t do: HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information. HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation. Similarly, if a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control. The guarantees of HTTPS may also be weakened or eliminated by compromised or malicious certificate authorities.
  3. Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.
  4. Not only websites are being targeted: even Facebook, Twitter, Pinterest, etc. Anything that is popular and drives awareness. Smaller sites that are hacked are usually hit by people who are playing around and testing their skills; large sites are hacked to distribute a message.
  5. American Library Association’s Facebook page and posted an endless stream of clickbaity articles and spam.
  6. SSL stripping takes advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in the clear with the client.[38] This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security.
  7. https://www.idology.com/wp-content/uploads/2014/07/infographic_stolen_ID_Identity_Theft.jpg
  8. It provides guidance to agencies for making the transition to HTTPS and a deadline by which agencies must be in compliance.
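The countermeasure named in editor's note 6 (and behind the question on slide 24), as an added Python example that is not from the deck: it evaluates whether a site's responses give a browser reason to refuse a stripped http: link, by parsing the Strict-Transport-Security header and checking that the plain-HTTP origin only redirects to https:. The header sets are constructed samples, and the one-year max-age threshold is an assumption.

```python
# Constructed: what a hardened https: origin might send (not captured traffic).
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Type": "text/html",
}
# Constructed: a site that serves HTTPS but never tells the browser to insist on it.
WEAK_HEADERS = {"Content-Type": "text/html"}
# Constructed: plain-HTTP responses; the first only redirects to the https: origin.
HTTP_REDIRECT = {"status": 301, "headers": {"Location": "https://www.example.org/"}}
HTTP_SERVES_CONTENT = {"status": 200, "headers": {"Content-Type": "text/html"}}

# One year; a threshold chosen for this example, not a value from the deck.
MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse an HSTS header value into its max-age, includeSubDomains and preload parts."""
    policy = {"max-age": None, "includeSubDomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        key, arg = name.strip().lower(), arg.strip().strip('"')
        if key == "max-age" and arg.isdigit():
            policy["max-age"] = int(arg)
        elif key == "includesubdomains":
            policy["includeSubDomains"] = True
        elif key == "preload":
            policy["preload"] = True
    return policy


def hsts_findings(headers, min_age=MIN_MAX_AGE):
    """List weaknesses in a response's HSTS posture; an empty list means none found."""
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: a stripped http: link would be accepted"]
    policy, findings = parse_hsts(value), []
    if policy["max-age"] is None:
        findings.append("max-age missing or malformed")
    elif policy["max-age"] < min_age:
        findings.append(f"max-age {policy['max-age']} below {min_age}")
    if not policy["includeSubDomains"]:
        findings.append("includeSubDomains absent: subdomains can still be downgraded")
    return findings


def http_origin_ok(response):
    """True when the plain-HTTP origin does nothing but redirect to an https: URL."""
    location = response["headers"].get("Location", "")
    return response["status"] in (301, 308) and location.startswith("https://")
```

Feed it the headers of your own site's https: response and the status of its http: response; an empty findings list plus a redirect-only HTTP origin is the posture the note describes.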