The increase in Internet phishing attacks, cyberstalking and other pervasive threats on the World Wide Web is only matching the ever-increasing rate of Internet users. These social crimes perpetrated on the Internet may seem sophisticated to users, but can be tackled by incorporating simple measures into one's browsing habits.
Choosing ‘secure' browsing where possible — as indicated by the ‘s' after the ‘http' on the address bar on the newer browsers — is one of the simplest, yet most effective means of fortifying privacy and enhancing security while transacting on the Internet.
Traffic snooping, either by purporting to be a trusted source of information, or eavesdropping on users' traffic by capturing Internet packet data, can reveal enormous amounts of information to the attackers about the victim.
Information such as user names, passwords and other important credentials can be directly retrieved, or ‘phished' if the connection is insecure. Eavesdropping on a user's web habits can be used to harass them.
These risks are applicable to all traffic plying on insecure links — the HTTP links that are normally used. HTTP (Hyper Text Transfer Protocol) is the default rule-set for browsing on the Internet and is prone to security risks.
To counter the pitfalls in HTTP, a secure variant, HTTPS, is being widely used, and not just on financial transaction portals, which were primarily using it.
HTTPS provides enhanced security by authenticating the identity of the websites and encrypting the information.
It embeds a mechanism to authenticate websites by signing Transport Layer Security (TLS) certificates, which identify how genuine a website is. This mechanism eliminates fraudsters purporting to be trusted websites, for the TLS certificates cannot be authenticated by them.
Encrypting information using 128-bit encryption mechanism or more sophisticated cryptography algorithms make it virtually impossible for sniffers to make sense out of the traffic flowing.
Karthik Rao, a budding ethical hacker, points out the benefits of using secure links via HTTPS. “Man-in-the-middle (MITM) attacks, where the attacker acts as an invisible relay between two hosts with the purpose of manipulating traffic is easy to unleash when there is an insecure link, whereas it is subdued to a great extent if the link is on HTTPS,” he says.
HTTPS content access should be supported by websites. While the browsers can access the content on secure links by appending https instead of http in the URL of websites, this would get cumbersome, and there is also a problem when the websites are not serving content over secure links.
Automating this functionality and going back to HTTP only when https in unavailable, is facilitated by a free and open source software, ‘HTTPS Everywhere', which works as an add-on to the open source web browser Mozilla Firefox. HTTPS Everywhere ensures secure and encrypted communication with websites supporting HTTPS content access.
With major websites including Google, Wikipedia, Facebook, Youtube and Twitter serving secure content, a huge portion of routine browsing can be secure, hence reducing risks such as phishing.
HTTPS Everywhere is a project by The Onion Routing (TOR) project and the Electronic Frontier Foundation (EFF), who are working on making the Internet safer, more secure and with increased privacy to users.
The add-on is currently supported only by Mozilla Firefox, while support on the Google Chrome browser may come in near future. It can be downloaded from https://www.eff.org/ https-everywhere