Security Questions

The difference between http and https

peterhgregory — Thu, 05 Nov 2009 00:56:11 +0000

Question: What is the difference between:

http://
https://

When should I be looking for that “s”?

Answer: when you are viewing a web page with a web browser, you’ll see the web page’s address in the address bar. It will always begin with http:// or https://. When the address begins with https, you can be assured that the contents of the page was encrypted when it was sent from the web site to your computer.

To be sure, however, you want to also look for the little padlock symbol that is usually in the lower left corner of the browser window, on the status bar.

Some malicious web sites try to fool users by displaying a “status bar” that resembles a browser’s status bar, in order to try and fool the user. It is important to know for sure that you see a real padlock and not a fake one.

Newer browsers also provide a region (just to the left of the address in Firefox) that you can click on to view security information about the site you are visiting. You should find and practice using this feature, and be familiar with how this looks for web sites that you know are legitimate. That way you will be more apt to recognize when you are on a site that is not legitimate.

Sending secure documents via e-mail

peterhgregory — Thu, 05 Nov 2009 00:49:58 +0000

Question: A business affiliate, who is out of state, needs me to send documentation containing sensitive information. He stated that he would send the necessary forms via secure e-mail.

Should I expect a log-in and password to be provided for accessing this “secure” e-mail, and how should I receive that information?

Answer: there are a number of different services available for sending security mail, such as Hushmail. Some are free, and others are fee-based.

Another way to do this is to use WinZip (version 9 or newer) and encrypt the contents using AES. Then, you’ll need to get the password to the recipient, which you should NOT send via e-mail! Instead, send the password via telephone or fax. The reason for this is that if someone’s e-mail account has been compromised, then the attacker will be able to access both the encrypted message as well as the encryption key.

Being watched while watching videos

peterhgregory — Wed, 04 Nov 2009 14:04:49 +0000

A reader asks: I have a friend who heard that we can be “watched” while we watch online videos. Any truth to it that you know of?

Answer: Theoretically yes, but only if you have a webcam (if you literally mean “watching”). I’ve heard of it being done.

If you mean “knowing what you are watching” (some kind of tracking), that is certain. Youtube remembers what you have seen (it can be embarrassing), and other vid sites do too. Sites do this with tracking cookies and other means to remember what videos you view, what pages you see, and the sites you visit.