You have heard about someone offering free (as in beer) website certificates (aka SSL certificates) for your website. Whoever told you this was not lying. It’s actually quite true! With the revelations regarding shady dealings with intelligence agencies, law enforcement, ISP and black-hat crackers (i.e., your “cyber-thieves”), there’s been an industry-wide push to secure communications. Letsencrypt.org was founded to help address some of the issues in the web industry that led to the widespread failure of website owners and operators in obtaining secure certificates.
HTTPS/SSL in a nutshell
The average website you visit is typically accessed over HTTP (HyperText Transport Protocol). Accessing a site over HTTPS (HyperText Transfer Protocol Secure) is a different process from HTTP. Accessing a site over HTTP makes your traffic visible to everyone on the network. Using tools like WireShark, if you were to park yourself at the point where your network meets the internet, you’d be able to see all the traffic (URLs, content, form data) of people on your network. This is how people perform Man-in-the-Middle (MITM) attacks. In a MITM attack, someone sits on the connection between two networks and just eavesdrops on the data going back and forth. Also, by being in the middle of the communication stream, the attacker could modify the contents going back and forth, sending you malicious data and changing what you are transmitting to the server.
If there is one constant in the website development business, it is that there will always be change. And as things change, your business strategy needs to adjust accordingly to maximize effectiveness and avoid being put into a competitive disadvantage. With a modicum of planning, businesses can use these technology changes and market shifts to their advantage. Conversely, companies that don’t do this end-up lagging further and further behind.