Digital Media
What is the difference between http and https?
Time to know this with 32 lakh debit cards compromised in India.
Some of you may be aware of this difference, but it is worth sharing for many that are not.
The main difference between HTTP:// and HTTPS:// is all about keeping you secure.
HTTP stands for HyperText Transfer Protocol.
The S (big surprise) stands for “Secure”. If you visit a Website or web page and look at the address in the web browser, it is likely, to begin with, the following: http://.
This means that the website is talking to your browser using the regular unsecured language. In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the Website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an Http website! But if the web address begins with https://, that means your computer is talking to the website in a Secure code that no one can eavesdrop on.
Now, you understand why this is so important, right?
If a website ever asks you to enter your Credit/Debit card Information, you should automatically look to see if the web address begins with https://.
If it doesn’t, you should NEVER enter sensitive Information such as a credit/debit card number.
While checking the name of any website, first look for the domain extension (.com or .org, .co, .in, .net etc). The name just before this is the domain name of the website. Eg, in the above example, http://amazon.diwali-festivals.com, the word before .com is “diwali-festivals” (and NOT “amazon”). So, this webpage does not belong to amazon.com but belongs to “diwali-festivals.com”, which we all haven’t heard of before.
You can similarly check for bank frauds. Before your ebanking logins, make sure that the name just before “.com” is the name of your bank. “Something.icicibank.com” belongs to icici; but, icicibank.some1else.com belongs to “some1else”.
Https doesn’t mean it is secure as the https server may be compromised and masquerading as a genuine server. There are many inherent issues in the current standard tls1.2 which will be taken care of by the new protocol tls1.3, which is much more safer
This is a simple, but a good and necessary knowledge to have at times like these.
This useful article for our readers curated from the web.