Helping people with computers... one answer at a time.

One of the ways that hackers gain access to valuable information is to eavesdrop on internet connections. It's important to know if you're secure.

My computer occasionally tells me that you are about to leave a secure internet connection. It would be possible for others to view information you send. What does this mean.

Most of the time it's an informational message that you can safely ignore. However there are times that it's critically important to know what it means, and whether or not you should be doing something differently.

The issue?

Someone could be eavesdropping.

Depending on your network and how you're connected to the internet, all computers "close to" each other can actually "see" the network traffic of all the others. For example you could be doing some on-line banking using one computer in your home, but all the data traveling between your computer and your bank could be viewed by another computer in your home. Other computers typically don't listen in, because it's clear that the data is destined for your computer and not another, but software exists that can ignore that.

"Sniffing" software can monitor the data going to and from other computers on the network. This kind of sniffing is particularly easy in WiFi hotspots. When network traffic is wireless, any computer within range of the signal can listen in.

It's kind of like being in a restaurant and listening to the conversation at the table next to you. It's not meant for you, but it's very easy to eavesdrop and listen in.

"It's kind of like being in a restaurant and listening to the conversation at the table next to you."

A "secure" internet connection is one where the data being sent back and forth is encrypted. Only the machine it's destined for knows how to decrypt and read the information.

This is kind of like being back in that same restaurant and listening in, only this time you can't understand a word of what's being said because they're speaking a completely different language. You can listen all you want, it just won't do you any good. Only the two people speaking to each other understand their own language.

"https" connections are encrypted, secure internet connections. "http" connections are not. "http" connections can be sniffed and understood; "https" connections can also be sniffed but the data visible is unintelligible.

In some cases when you're on a page that you visited using an "https" connection, and you click a link that is going to go to a "http" connection, your browser will warn you, and that's the message you're seeing. The issue is that you're leaving a secure connection (https) for an insecure one (http). If the browser didn't warn you it might be easy to miss the fact that this had happened and think that you were browsing securely when you weren't.

It's not at all uncommon to transition from websites accessed by "https" to those accessed with plain "http". "https" is actually a tad slower, and not all information needs to be transmitted securely. There's no reason, for example, to encrypt the contents of this page, and so there's no "https://ask-leo.com". However sites that require security, such as banking or other sensitive services, may be available only via "https".

Linking from one to another is common. The warning is simply that, a warning, so that you know just how secure you are.

Article C3158 - September 24, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
John
September 28, 2007 7:11 PM

Okay, so I understand that networked traffic can be listened to by others on the network if it isn't encrypted. I presume you're talking about a LAN. But what about the WAN (if I understand the term correctly). I have just subscribed to a wireless ISP - not a WiFi - but the kind where the ISP gave me a wireless modem that connects to the nearby cell tower. Is this kind of connection safe? The person in the next office uses a ISP/wireless modem with an internet phone. Are his conversations secure? When we talk about "out there" (on the internet) versus "in here" (on the LAN), is the trsnsition at my modem or at the cell tower? Or where?

The question of using an internet phone with a wireless modem is a big deal, because it is the means that some phone companies are using to provide local phone service which bypasses the land lines yet acts like a landline service. So if there are any doubts about its security this will be a major concern.

Leo A. Notenboom
October 1, 2007 4:46 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

GREAT question.

The short answer is that for now I believe you're safe on cellular and WiMax
type of networks. I *believe* that the data is encrypted, but even if not
sniffing equipment is not nearly as prevelant as it is with WiFi. Any laptop
can sniff Wifi. I know I happily use my cellular connection without the same
encrypting safeguards that I do when I use WiFi. (Though I keep my firewall up,
since it is a direct internet connection.)

I honestly don't know about internet phones. I know that *some* are encrypted,
but which I do not know. I'd check with the providers.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHAYbuCMEe9B/8oqERAioRAJ4/3YRgMYeYaMEbScZSFRGlQvcHOwCfQa01
E94/P/uKryVhZZptHTnnIvc=
=etkk
-----END PGP SIGNATURE-----

MARK A. LEITER
October 23, 2010 7:56 AM

I had an interesting, suspicious incident I'd like to ask your Comment on: I found a Free Sportsbook, advertised out of Cyprus. Signing up, without divulging personal info, I was assigned a personal Username and Password, via e-mail. However, when I proceeded to Login, a Popup informed me that Login is only possible through a "Nonsecure connection". Am I correct to be suspicious? Thank you.

Not really. Many sites don't use https even when they should, but it doesn't imply anything nefarious.
Leo
24-Oct-2010

Kev
April 25, 2011 4:44 AM

Hi Leo,

I have a question that might be silly but say I use my cellphone as a hotspot for my PC and access my email or bank account. Can the sniffers/hackers get direct access to the page I'm viewing or my account or is it like they're just watching me navigate??

Thank you in advance,
Kev

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.