The increase in Internet phishing attacks, cyberstalking and other pervasive threats on the World Wide Web is keeping pace with the ever-increasing number of Internet users. These social crimes perpetrated on the Internet may seem sophisticated to users, but can be tackled by incorporating simple measures into one's browsing habits.
Choosing ‘secure’ browsing where possible — as indicated by the ‘s’ after the ‘http’ on the address bar on the newer browsers — is one of the simplest, yet most effective means of fortifying privacy and enhancing security while transacting on the Internet.
THE RISKS
Traffic snooping, either by purporting to be a trusted source of information, or eavesdropping on users' traffic by capturing Internet packet data, can reveal enormous amounts of information to the attackers about the victim.
Information such as user names, passwords and other important credentials can be directly retrieved, or ‘phished’ if the connection is insecure. Eavesdropping on a user's web habits can be used to harass them.
These risks are applicable to all traffic plying on insecure links — the HTTP links that are normally used. HTTP (Hyper Text Transfer Protocol) is the default rule-set for browsing on the Internet and is prone to security risks.
To counter the pitfalls in HTTP, a secure variant, HTTPS, is being widely used, and not just on financial transaction portals, which were primarily using it.
ENCRYPTION
HTTPS provides enhanced security by authenticating the identity of the websites and encrypting the information.
It embeds a mechanism to authenticate websites by signing Transport Layer Security (TLS) certificates, which identify how genuine a website is. This mechanism eliminates fraudsters purporting to be trusted websites, for the TLS certificates cannot be authenticated by them.
Encrypting information using a 128-bit encryption mechanism or more sophisticated cryptography algorithms makes it virtually impossible for sniffers to make sense of the traffic flowing.
Karthik Rao, a budding ethical hacker, points out the benefits of using secure links via HTTPS. “Man-in-the-middle (MITM) attacks, where the attacker acts as an invisible relay between two hosts with the purpose of manipulating traffic, are easy to unleash when there is an insecure link, whereas they are subdued to a great extent if the link is on HTTPS,” he says.
HTTPS EVERYWHERE
HTTPS content access should be supported by websites. While the browsers can access the content on secure links by appending https instead of http in the URL of websites, this would get cumbersome, and there is also a problem when the websites are not serving content over secure links.
Automating this functionality, and going back to HTTP only when HTTPS is unavailable, is facilitated by free and open source software, ‘HTTPS Everywhere’, which works as an add-on to the open source web browser Mozilla Firefox. HTTPS Everywhere ensures secure and encrypted communication with websites supporting HTTPS content access.
With major websites including Google, Wikipedia, Facebook, YouTube and Twitter serving secure content, a huge portion of routine browsing can be secure, hence reducing risks such as phishing.
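The automatic upgrade described above, sketched as an added example (not code from HTTPS Everywhere or from this article). The host list is a constructed sample built from the sites named above, and `upgradeUrl` and `isListed` are hypothetical names.

```javascript
// Constructed sample list: hosts assumed to serve their content over HTTPS.
const HTTPS_CAPABLE = [
  "google.com",
  "wikipedia.org",
  "facebook.com",
  "youtube.com",
  "twitter.com",
];

// True when host is a listed domain or a subdomain of one.
// Matching on "." + domain keeps a look-alike such as "evilgoogle.com"
// from being treated as "google.com".
function isListed(host, list = HTTPS_CAPABLE) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return list.some((d) => h === d || h.endsWith("." + d));
}

// Returns the URL to request: the https form for listed hosts, otherwise the
// input unchanged (the "go back to HTTP when HTTPS is unavailable" case).
function upgradeUrl(input, list = HTTPS_CAPABLE) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return input; // not an absolute URL: leave it alone
  }
  if (url.protocol !== "http:") return input; // already https, or another scheme
  if (url.port !== "") return input; // explicit non-default port: HTTPS port unknown
  if (!isListed(url.hostname, list)) return input; // site not known to support HTTPS
  url.protocol = "https:";
  return url.href;
}

// Constructed sample requests.
for (const u of [
  "http://en.wikipedia.org/wiki/HTTPS",
  "HTTP://WWW.Google.com/search?q=tls",
  "http://evilgoogle.com/",
  "http://twitter.com:8080/x",
  "http://unlisted.example/page",
]) {
  console.log(u, "->", upgradeUrl(u));
}
```

Only requests that leave the browser as `https://` get the certificate check and encryption described under ENCRYPTION; the unlisted and look-alike hosts in the sample still travel over plain HTTP.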
HTTPS Everywhere is a project by The Onion Routing (TOR) project and the Electronic Frontier Foundation (EFF), who are working on making the Internet safer, more secure and with increased privacy to users.
The add-on is currently supported only by Mozilla Firefox, while support on the Google Chrome browser may come in the near future. It can be downloaded from https://www.eff.org/https-everywhere
Source : The Hindu dtd 15/01/2012