Miscellaneous 3 min. read

Are websites that use the HTTPS protocol really safe?

Are websites that use the HTTPS protocol really safe?

Malware Protection VPN

Hypertext Transfer Protocol Secure (HTTPS) enables secure communications over a computer network such as the Internet, but is it really safe? Here’s what you need to know about HTTPS, its vulnerabilities and how using a malware protection VPN can help improve your security.

HTTPS and HTTP

An HTTPS connection uses encryption to protect the exchange of information between a browser and a server or website.  Attacks against communication networks employing HTTPS are minimised and harder for cyber crooks to execute.

HTTPS is an improved version of the Hypertext Transfer Protocol (HTTP), which is an application layer protocol that allows the access of HTML pages and enables the transfer of information, such as text, images, music and video files, between web-based applications. HTTPS is the same as HTTP, only it is more secure, hence the “S.”

With HTTPS, data is sent over a connection that uses either the Secure Sockets Layer (SSL) protocol or the newer Transport Layer Security (TLS) protocol. Both of these protocols are cryptographic meaning they provide encryption for connections between browsers and servers. In an HTTPS page, a padlock logo is shown right before the URL, which means it’s secured.

Below are some of the known benefits of employing the HTTPS:

  • Users are better protected against man-in-the-middle attacks
  • Data communicated between end points are less susceptible to being tampered with
  • Traffic sent to a legitimate site does not get redirected to a malicious site

Using HTTPS benefits both the users and owners of websites, which is why a number of organizations advocate its use. Government organizations in the US strictly use HTTPS for their websites. Mozilla Firefox started phasing out HTTP in 2015 to make way for the safer protocol. Apple now requires HTTPS connections for apps for iOS and Google has said it wants websites to carry it for its Chrome browser.

Are HTTPS sites really safe?

Unfortunately for users, a website that uses HTTPS is not guaranteed to be safe. Below are some ways hackers can bypass the security of HTTPS websites.

Images that have links to infected websites – A web page that employs HTTPS can still contain unencrypted elements such as images. Interacting with these types of images can prompt the download of malicious payloads or bring the user to an unsecure website.

Valid SSL certificates for spoof sites from certificate authorities (CAs) – Today it’s possible even for fake sites to acquire valid SSL certificates, which can get Google to classify them as secure. Some CAs provide certificates without verifying the authenticity of requesting websites, meaning a website that spoofs Google has a chance to get a valid certificate.

Brute force attacks launched against servers – Hackers can use multiple systems to conduct brute force attacks in order to acquire the decryption keys for HTTPS-encrypted elements.

Protect yourself with the best malware protection VPN

Hotspot Shield is a free malware protection VPN that protects your data from being compromised online via encryption. The security that the VPN provides stacks well with the encryption provided by HTTPS pages, securing your data further. To learn more about Hotspot Shield’s encryption and other useful features, please visit our website. You can download the VPN for your Windows, Android, OS X or iOS device here. For more VPN tips, read our blog here.

Improve HTTPS security by downloading the best malware protection VPN today!

Get the latest stories and tips from Hotspot Shield in your inbox