Tag: secure website

Secure that site with LetsEncrypt - Header

Secure that site with LetsEncrypt

You have heard about someone offering free (as in beer) website certificates (aka SSL certificates) for your website. Whoever told you this was not lying. It’s actually quite true! With the revelations regarding shady dealings with intelligence agencies, law enforcement, ISP and black-hat crackers (i.e., your “cyber-thieves”), there’s been an industry-wide push to secure communications. Letsencrypt.org was founded to help address some of the issues in the web industry that led to the widespread failure of website owners and operators in obtaining secure certificates.

HTTPS/SSL in a nutshell

The average website you visit is typically accessed over HTTP (HyperText Transport Protocol). Accessing a site over HTTPS (HyperText Transfer Protocol Secure) is a different process from HTTP. Accessing a site over HTTP makes your traffic visible to everyone on the network. Using tools like WireShark, if you were to park yourself at the point where your network meets the internet, you’d be able to see all the traffic (URLs, content, form data) of people on your network. This is how people perform Man-in-the-Middle (MITM) attacks. In a MITM attack, someone sits on the connection between two networks and just eavesdrops on the data going back and forth. Also, by being in the middle of the communication stream, the attacker could modify the contents going back and forth, sending you malicious data and changing what you are transmitting to the server. Continue reading