USA Today has published an article that confirms what we have been saying for some time now: HTTPS is not safe, and may be getting less and less safe.
They went on to say that HTTPS may be completely outdated in two to five years, and that the business world should begin to look at other online security methods.
A Brief Background on HTTPS
Retailers, banks, and other online retailers use secure websites — HTTPS (Hypertext Transfer Protocol Secure) — to provide secure transactions. You can tell if a website is a “secure” one if it has “https” in its URL and has a small lock symbol next to it.
SSL, or Secure Sockets Layer, is the technology behind HTTPS. SSL creates an encrypted link between a website and your browser and supposedly ensures that all data passed between them remains private.
Up until last fall, most people had assumed that HTTPS was completely safe. But just last year, two Internet researchers were able to demonstrate that websites using HTTPS could have their login ID cookies hacked. And they reported that 90% of the websites that used SSL were vulnerable to this kind of attack.
In addition, the Department of Homeland Security recently sent out a warning that hackers were able to hijack an HTTPS session in less than 90 seconds.
Documents have been released which show that the NSA allegedly had a hand in weakening the Internet protocols that would make HTTPS more safe. Some suggest the NSA did this to ensure that they had a backdoor access to information supposedly protected by HTTPS.
So the bottom line is this: HTTPS is not safe and if you are using public wifi while accessing an HTTPS website, do not assume that your information is being protected from hackers.
What You Can Do
As we’ve said before, using a personal VPN like PRIVATE WiFi is the only way to protect yourself from an HTTPS attack, whether you are simply emailing or making any financial transaction using a credit card, paying with something via PayPal, or managing your online banking accounts.
Now more than ever, consumers need PRIVATE WiFi to protect their information. PRIVATE WiFi encrypts all the data moving to and from your laptop, even HTTPS information. A bad guy may not be lurking in every single wifi hotspot, but a personal VPN provides an extra layer of security that protects ALL of your communication.