Ask Leo! by Leo A. Notenboom

How can an https web site still be nonsecure?


Comments


I read several months ago, in an article on some of the "worst" spyware out there, that it's possible for spyware to read https information, by installing itself in the browser between the browser and the SSL layer. (Unfortunately, I didn't save a link to the online version.)

Basically, the browser communicates internally with the SSL layer unencrypted. By wedging itself in that layer, the spyware can see everything unencrypted.

Have you heard anything of this?

Spyware and viruses can do ANYTHING - that's why they're to be avoided at all costs.

-Leo

Posted by: Ken B at July 30, 2008 9:10 AM

Yes Leo, as you kind of alluded to, you can "view" "source" and read the HTML for where the link is pointed to, but you just about have to have at least some knowledge of HTML, like us geeks...lol

That's why I mention AJAX, since that is often incomprehensible to even those of us who could read it.

-Leo

Posted by: David at July 30, 2008 2:35 PM

Great explanation! I never fully realized that it was the target page that really mattered, not the current page.

Posted by: Bucky at July 30, 2008 5:41 PM
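
The check the two comments above describe, reading the page source to see where a login form actually submits instead of trusting the address of the page that displays it, can be automated. The following is an added example, not part of the original comments or the article; the `example.com` pages are constructed samples and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormTargets(HTMLParser):
    """Collect each <form>'s action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []      # one dict per form found
        self._open = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_forms(page_url, html):
    """Return (target_url, verdict) for every form that asks for a password."""
    parser = FormTargets()
    parser.feed(html)
    results = []
    for form in parser.forms:
        if not form["password"]:
            continue
        # An empty or relative action resolves against the page's own URL,
        # so the page's scheme only matters when the action does not override it.
        target = urljoin(page_url, form["action"])
        secure = urlparse(target).scheme == "https"
        results.append((target, "encrypted" if secure else "NOT encrypted"))
    return results

# Constructed sample pages (hypothetical example.com addresses).
HTTP_PAGE_HTTPS_TARGET = '<form action="https://example.com/login"><input type="password" name="p"></form>'
HTTPS_PAGE_HTTP_TARGET = '<form action="http://example.com/login"><input type="password" name="p"></form>'
RELATIVE_TARGET = ('<form action="/login"><input type="PASSWORD" name="p"></form>'
                   '<form action="/search"><input type="text" name="q"></form>')

if __name__ == "__main__":
    for url, html in [("http://example.com/", HTTP_PAGE_HTTPS_TARGET),
                      ("https://example.com/", HTTPS_PAGE_HTTP_TARGET),
                      ("http://example.com/home", RELATIVE_TARGET)]:
        print(url, audit_login_forms(url, html))
```

This only sees targets written in the static HTML; a form whose destination is set by script (the AJAX case mentioned above) will not show up here.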

Hi Leo, I am a high school student. I am familiar with HTML, but I was wondering: is there a way of creating an online database that can be accessed by anyone using HTML only? If so, what are the necessary steps in doing so? And if not, is there a way of creating an online database using other methods, e.g. PHP, XHTML etc.? And what would be the necessary steps?

Posted by: Ryan at July 30, 2008 8:09 PM

Great article Leo, you explained the http/https method in detail with extra information and solutions, really great article for beginners and professionals....thanks Leo.

Posted by: peter at July 31, 2008 3:37 AM

You've done it again! Not only made the subject clear and understandable, but gave easy to follow instructions that even a senior citizen can follow.
Thanks - I feel safer now - for a while.

Posted by: Tom at August 5, 2008 8:43 AM

Thanks Leo. That was enlightening (as always).
Thanks a lot.

Posted by: Feyisayo at August 5, 2008 9:15 AM

Again, a great topic, well explained.
Thank you

Posted by: Bob Rutske at August 5, 2008 7:37 PM

Since hovering over the 'Login' didn't work, I tried entering a fake username and password. Clicking 'Login' gave me an unknown user/password message but the URL started 'https' - could this be an easy way to verify the URL of the target page?

Unfortunately no. It's very possible that the URL you went to first was some other URL that, for example, captured your information and then automatically and transparently sent you on to the https URL.

-Leo

Posted by: Guy at August 5, 2008 8:24 PM

I don't know of a better way to get info to you and it may be important. In your newsletter just below the link to this article I found this: MailScanner has detected a possible fraud attempt from "clicks.aweber.com" claiming to be http://www.ThisIsTrue.com. "MailScanner has detected a possible fraud attempt from "clicks.aweber.com" claiming to be" was in RED. I think I have MailScanner on my computer so I think this may be bad. I won't click on it unless you can say nothing to worry about. More information would be appreciated.

"Aweber" is the company that processes my mailing list, and they modify links so that I can see which links people are clicking on. So the link is safe.

-Leo

Posted by: David Sorge at August 10, 2008 7:27 PM