Ask the Expert: Are ‘Secure’ Websites Really As Secure As We Think?

Q: “All of my important websites (email account, financial accounts, and social media) use HTTPS, so this means that they are totally secure, right? That’s what I have always been told and I just want to make sure that I have nothing to worry about.”

A: Most of us assume that if a website uses HTTPS, it’s completely secure. The reality is that sites that use HTTPS are not as safe as most people think.

In fact, new information from SSL Pulse has highlighted just how insecure HTTPS really is.

SSL: The Backbone of HTTPS

Retailers, banks, and social media sites like Facebook and Twitter use secure websites — HTTPS (Hypertext Transfer Protocol Secure) — to provide online security. You can tell if a website is a “secure” one if it has “https” in its URL and has a small lock symbol next to it.

SSL, or Secure Sockets Layer, is the technology behind HTTPS. SSL creates an encrypted link between a website and your browser which, in theory, ensures that all data passed between them remains private.

SSL is usually the only protection websites use to prevent passwords, credit card information and other sensitive data from being intercepted by online criminals.

The problem is that SSL is simply not secure.

New Information About SSL Insecurity

Recently, SSL Pulse, a website that monitors the effectiveness of the 200,000 most popular websites that use SSL found that more than 90% of these websites are vulnerable to an attack that was discovered three years ago. This attack allows hackers to access supposedly encrypted messages. A student was able to demonstrate how the attack works by intercepting Twitter login information.

Also, SSL Pulse found that only 25% of SSL sites are secure against BEAST attacks. BEAST (Browser Exploit Against SSL/TLS) was a program developed by researchers last year that also exposes SSL vulnerability. This program allows hackers to access encrypted data that websites use to grant access to restricted user accounts, such as PayPal login information.

So if you thought you were completely safe when using online banking websites, or social media websites, think again.

SSL websites are simply not safe and your online security could be compromised.

Protect Yourself Using Private WiFi

Using a personal VPN like PRIVATE WiFi is the only way to protect yourself from this kind of attack in a wifi hotspot, whether you are simply emailing or making any financial transaction using a credit card, paying with something via PayPal, or managing your online banking accounts.

PRIVATE WiFi encrypts all the data moving to and from your laptop, even HTTPS information. A bad guy may not be lurking in every single wifi hotspot, but a personal VPN provides an extra layer of security that protects ALL of your communication.