Summary: One of the ways that hackers gain access to valuable information is to eavesdrop on internet connections. It's important to know if you're secure.
My computer occasionally tells me that you are about to leave a secure internet connection. It would be possible for others to view information you send. What does this mean.
•
Most of the time it's an informational message that you can safely ignore. However there are times that it's critically important to know what it means, and whether or not you should be doing something differently.
The issue?
Someone could be eavesdropping.
•
Depending on your network and how you're connected to the internet, all computers "close to" each other can actually "see" the network traffic of all the others. For example you could be doing some on-line banking using one computer in your home, but all the data traveling between your computer and your bank could be viewed by another computer in your home. Other computers typically don't listen in, because it's clear that the data is destined for your computer and not another, but software exists that can ignore that.
"Sniffing" software can monitor the data going to and from other computers on the network. This kind of sniffing is particularly easy in WiFi hotspots. When network traffic is wireless, any computer within range of the signal can listen in.
It's kind of like being in a restaurant and listening to the conversation at the table next to you. It's not meant for you, but it's very easy to eavesdrop and listen in.
A "secure" internet connection is one where the data being sent back and forth is encrypted. Only the machine it's destined for knows how to decrypt and read the information.
This is kind of like being back in that same restaurant and listening in, only this time you can't understand a word of what's being said because they're speaking a completely different language. You can listen all you want, it just won't do you any good. Only the two people speaking to each other understand their own language.
"https" connections are encrypted, secure internet connections. "http" connections are not. "http" connections can be sniffed and understood; "https" connections can also be sniffed but the data visible is unintelligible.
In some cases when you're on a page that you visited using an "https" connection, and you click a link that is going to go to a "http" connection, your browser will warn you, and that's the message you're seeing. The issue is that you're leaving a secure connection (https) for an insecure one (http). If the browser didn't warn you it might be easy to miss the fact that this had happened and think that you were browsing securely when you weren't.
It's not at all uncommon to transition from websites accessed by "https" to those accessed with plain "http". "https" is actually a tad slower, and not all information needs to be transmitted securely. There's no reason, for example, to encrypt the contents of this page, and so there's no "https://ask-leo.com". However sites that require security, such as banking or other sensitive services, may be available only via "https".
Linking from one to another is common. The warning is simply that, a warning, so that you know just how secure you are.
Related:
-
Ask Leo! - Can hackers see data going to and from my computer?
-
Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?
Article C3158 - September 24, 2007
Okay, so I understand that networked traffic can be listened to by others on the network if it isn't encrypted. I presume you're talking about a LAN. But what about the WAN (if I understand the term correctly). I have just subscribed to a wireless ISP - not a WiFi - but the kind where the ISP gave me a wireless modem that connects to the nearby cell tower. Is this kind of connection safe? The person in the next office uses a ISP/wireless modem with an internet phone. Are his conversations secure? When we talk about "out there" (on the internet) versus "in here" (on the LAN), is the trsnsition at my modem or at the cell tower? Or where?
The question of using an internet phone with a wireless modem is a big deal, because it is the means that some phone companies are using to provide local phone service which bypasses the land lines yet acts like a landline service. So if there are any doubts about its security this will be a major concern.
Posted by: John at September 28, 2007 7:11 PM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
GREAT question.
The short answer is that for now I believe you're safe on cellular and WiMax
type of networks. I *believe* that the data is encrypted, but even if not
sniffing equipment is not nearly as prevelant as it is with WiFi. Any laptop
can sniff Wifi. I know I happily use my cellular connection without the same
encrypting safeguards that I do when I use WiFi. (Though I keep my firewall up,
since it is a direct internet connection.)
I honestly don't know about internet phones. I know that *some* are encrypted,
but which I do not know. I'd check with the providers.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHAYbuCMEe9B/8oqERAioRAJ4/3YRgMYeYaMEbScZSFRGlQvcHOwCfQa01
Posted by: Leo A. Notenboom at October 1, 2007 4:46 PME94/P/uKryVhZZptHTnnIvc=
=etkk
-----END PGP SIGNATURE-----