
Topic: Wondering why accounts are hacked or stolen? HTTP vs HTTPS

hero member
Activity: 2268
Merit: 669
One little bit of extra information about the use of ssl on bitcointalk.
As you can probably see, bitcointalk uses cloudflare's nameservers, cloudflare's proxy and cloudflare's SSL certificates.
This means that anything you send to bitcointalk is encrypted using cloudflare's keys, they decrypt the packages and re-encrypt them when they are sent to the actual servers hosting bitcointalk. Cloudflare can actually see what you are sending to bitcointalk, even if you feel protected by the padlock symbol in the address tab.
Here's an image to help those who didn't know how SSL works. At first, I thought that HTTPS websites were as safe as I believed, but I was wrong. It is encrypted to others, but it can be seen by the server that is used by an HTTPS site. Well, this image will show how it works for easy understanding. Users who access a site will be safe from outsiders anyway, except from the server itself.
sr. member
Activity: 1106
Merit: 310
Sometimes a website has both versions. A plugin like HTTPS Everywhere might help when you accidentally visit the non-secure version and warns you when the website doesn't have the HTTPS version.
SSL is bought for a domain, then installed on the server; then when a user visits it in a browser, it is forced to HTTPS.
legendary
Activity: 3612
Merit: 5297
One little bit of extra information about the use of ssl on bitcointalk.
As you can probably see, bitcointalk uses cloudflare's nameservers, cloudflare's proxy and cloudflare's SSL certificates.
This means that anything you send to bitcointalk is encrypted using cloudflare's keys, they decrypt the packages and re-encrypt them when they are sent to the actual servers hosting bitcointalk. Cloudflare can actually see what you are sending to bitcointalk, even if you feel protected by the padlock symbol in the address tab.
legendary
Activity: 2730
Merit: 7065
First, accounts are being hacked, which leads to the hacking of other accounts that are registered to that email
That is why it is so important to use different passwords for each site you visit and several emails for different purposes.
It has been mentioned many times before but you should never merge all your interests to one email.

Keep your financials and banking data on email 1.
Work related info on email 2.
Family, friends, socializing, on email 3.
Bitcointalk on email 4.
Private Crypto related info (exchanges, trading) on email 5.
Airdrops, bounties, newsletters, applications, giveaways, on email 6.

You can create even more of these sub groups and don't associate them in any way. That way even if you get hacked or lose access, only a part of your activities will be lost.
hero member
Activity: 2268
Merit: 669
It is true that HTTPS is not 100% secure, because hackers find ways to hack an HTTPS site and steal funds or credentials. Well, HTTPS has different kinds of encryption security, whether it's the MAC (Message Authentication Code) or HMAC (Hash-based Message Authentication Code) type of encryption. HTTPS uses different types of certificate which will encrypt the data, but the most common certificates for HTTPS are SSL/TLS. Both SSL and TLS are very much the same, since TLS is an upgraded version of SSL, but there is a difference between the two certificates, the encryption for example. Even with HTTPS, accounts could still get hacked or stolen because of phishing sites or impostor sites, as you have mentioned.
hero member
Activity: 2254
Merit: 537
AFAIK no, HTTPS Everywhere only works if the website supports HTTPS. HTTPS Everywhere only forces the browser to use HTTPS rather than HTTP if the website supports HTTPS.

Got it, thanks for the reply. I've seen some instances of sites defaulting to http at times, which I had to manually enter the https afterward.
hero member
Activity: 2254
Merit: 537
Sometimes a website has both versions. A plugin like HTTPS Everywhere might help when you accidentally visit the non-secure version and warns you when the website doesn't have the HTTPS version.

Most browsers do that, especially on Chrome. The padlock will be red and unlocked.

I wonder though, does it help if the site doesn't support the HTTPS cert but the plugin forces it to do so?
legendary
Activity: 2170
Merit: 1789
Sometimes a website has both versions. A plugin like HTTPS Everywhere might help when you accidentally visit the non-secure version and warns you when the website doesn't have the HTTPS version.
sr. member
Activity: 1106
Merit: 310
Lots of people are very curious about anything, especially on the world wide web; curiosity sometimes leads us to something bad or a disaster,
compromising your security for banks and emails.
First, accounts are being hacked, which leads to the hacking of other accounts that are registered to that email.
HTTP: if you are just browsing a site that is HTTP (Hypertext Transfer Protocol), there is a possibility that you will be just fine, if the site is HTTP and you never log in with a username and password. An example is a train: if everyone on the train is British, they can hear everything loud and clear, since it is in the same language.
But if you are logging in to the site using any credentials, that is a different story: there is a probability of 80-90% that you will be hacked. The figure below explains why.



As you can see, your username and password are exposed; if a hacker manages to get there, you're in for a roller coaster ride.
Hackers are bombing those ports trying to pass through a level of security, which is very easy for them.

How to make sure you are safe when logging in to banks and mail with important information?
HTTPS (Hypertext Transfer Protocol Secure): everything that runs over it is encrypted and no one can see the username and password.
An example of this: if you were an engineer or an architect and two computer technicians were talking, you wouldn't understand their terms
but you could hear them. The figure below shows how HTTP and HTTPS are seen by the hacker.



As you can see how important it is, when you are logging in to a certain site be sure it's https, not http.
Like bitcointalk: we are https, so we are sure that it's safe.



The image above shows that the password is hidden on bitcointalk.




I'm not saying that https sites are totally secure, because hackers do have their ways, and it's up to the support of the site how they manage all the security to make everything unhackable, but it's better to use https than http, so the next time you need to log in to a site make sure it's https,
especially banks and other sites that we visit. It's better safe than never; hope this simple post helps everyone.

Note: It does not mean that if the site is https you should simply log in with your credentials. Make sure the address is correct; double checking is better, because sometimes impostor sites are also a big problem. Always look into small details for security purposes.

thanks.
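
What the figures referenced in the post above compare, as an added example that is not part of the original post: the function reports what a passive observer on the network path can read from one captured payload. Both captures are constructed samples; the host `forum.example`, the credentials and the stand-in ciphertext bytes are made up for illustration.

```python
import hashlib
from urllib.parse import parse_qs

# Constructed sample: a login form POST sent over plain HTTP.
HTTP_CAPTURE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 34\r\n"
    b"\r\n"
    b"username=alice&password=hunter2%21"
)
# Constructed sample: one TLS application-data record. The 32 body bytes are a
# stand-in for ciphertext (a hash output), not real encrypted traffic.
TLS_CAPTURE = b"\x17\x03\x03\x00\x20" + hashlib.sha256(b"constructed").digest()

SENSITIVE = {"username", "user", "email", "password", "passwd", "pwd"}
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}  # ccs, alert, handshake, app data

def observer_view(payload: bytes) -> dict:
    """Report what a passive observer on the path can read from one payload."""
    # TLS record header: content type (1), version (2), length (2).
    if len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES and payload[1] == 0x03:
        return {"protocol": "tls",
                "record_length": int.from_bytes(payload[3:5], "big"),
                "exposed_fields": {}}
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request = lines[0].split(" ")
    if len(request) != 3 or not request[2].startswith("HTTP/"):
        return {"protocol": "unknown", "exposed_fields": {}}
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    exposed = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        # Form bodies are URL-encoded text, so field values decode directly.
        for key, values in parse_qs(body.decode("latin-1")).items():
            if key.lower() in SENSITIVE:
                exposed[key] = values[0]
    return {"protocol": "http", "host": headers.get("host"),
            "path": request[1], "exposed_fields": exposed}

if __name__ == "__main__":
    for name, capture in (("http", HTTP_CAPTURE), ("https", TLS_CAPTURE)):
        print(name, observer_view(capture))
```

The TLS result covers only the network path; as the replies in this thread point out, whoever terminates the TLS connection still sees the submitted fields.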
