What a weird semantic game. It is about encryption. Without it you wouldn't be able to "[establish] a degree of trust in a site’s legitimacy that’s sufficient for you to confidently transmit and receive data with the knowledge that it’s reaching its intended destination without being intercepted or manipulated in the process"
I've learned to completely ignore the title of any article I see on HN. A disproportionate number of them simply use titles as a way to grab attention. This article is typical of the pattern - the title is used only as part of a few sentences at the start of the text, then its completely ignored and the real article begins.
I've noticed that ignoring the title often helps me to really evaluate what an article is saying independent of the bias (and frustration) that a bad title creates.
Something needs to change drastically, or I can see these problems getting worse over time. Those little "secure" images in the address bar mean nothing to 95% of the population. A lot of people don't even know the difference between a Google search bar and the address bar. Pop-ups appear that are fake OS message boxes warning about viruses and people fall for these left and right.
The only way to solve these problems is to educate people. Perhaps a little tutorial pops up after you've downloaded your web browser -- "If you want to keep your information from getting stolen, follow this little instructional guide on how to safely browse the web. It will only take 5 minutes of your time". I think a lot of people would do it.
He is both right and wrong IMO. Ssl is about encrypted communication to and from the server, but the cerrificate also means that you are sending your data to a trusted authority, and the people are who they say they are. I think the real issue is that the switch from http -> https can be a security hole and the safest bet is to use ssl before you ever start entering credentials.
MITM attack. If your on the same networking and the router isn't configured to block ARPing. You can proxy the traffic that filters out the redirect. Your proxy keeps the https connection open and passes back unsecured content. Public wifi can be a bad idea sometimes...
8 comments
[ 3.4 ms ] story [ 20.3 ms ] threadI've noticed that ignoring the title often helps me to really evaluate what an article is saying independent of the bias (and frustration) that a bad title creates.
In fact, SSL (and others) are about:
- confidentiality (encryption!!)
- integrity
- authenticity (trust!!)
and in a lesser but important nonetheless fashion:
- availability
- non-repudiation
The only way to solve these problems is to educate people. Perhaps a little tutorial pops up after you've downloaded your web browser -- "If you want to keep your information from getting stolen, follow this little instructional guide on how to safely browse the web. It will only take 5 minutes of your time". I think a lot of people would do it.