[The Great Fumar]

JUST READ THIS AND DON'T KNOW IF ITS LEGITIAMATE.....




Don't know how many are aware of this difference, but worth sending to any that do not......

What is the difference

Maybe you already knew this, but I thought it was important enough to send even if you already know.
I didn't know this.....................


FIRST, MANY PEOPLE ARE UNAWARE OF
**The main difference between http:// and https:// is It's all about keeping you secure**
HTTP stands for HyperText Transport Protocol,

which is just a fancy way of saying it's a protocol (a language, in a manner of speaking)
for information to be passed back and forth between web servers and clients.
The important thing is the letter S which makes the difference between HTTP and HTTPS.


The S (big surprise) stands for "Secure".
If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.
This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an http website!
But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.
You understand why this is so important, right?
If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number.

CAN ANYONE CONFIRM THIS ??????

FUMAR

[Muncle]

"According to security expert Gene Spafford, that level of security is analagous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.""

Yeah, Fumar, you are on target. Some liknks that explain it further are:

http://searchsoftwarequality.techtar...214006,00.html

http://en.wikipedia.org/wiki/Https.

[BogeyBoy]

I've paid attention to this for years, besides the https:// you should also see a padlock icon on most browsers.

Go to https://www/paypal.com to see an example.

FYI: I use Safari on my Apple computers and the padlock does not show up.

[handieman]

Yes, Mr Fumar, I pay extra to have a SSL certificate enabled on my website. If you go to www.handieman4u.com , you will see HTTPS and a lock at the other end signifying a secure sight.

Handie

[The Great Fumar]

Thanks Guys
In the future I'll be more cognoscente (this word costs $.50 on ebay) of what I send out ,,,

fumar

[tony]

Let's pretend I am a bad guy who wants to steal Fumars credit card info. I send him some bogus offer or warning or whatever, but I have the forethought to run secure socket software on my site.

So when Fumar gets there to my bogus site, he sees the https and the padlock. And he gives me his information. I take it and go out and buy a case of pop, or an airplane in Fumar's case.

I don't enter any information in any site that I don't know for sure is legit. If it get an email directing me to it, I would never enter any information into it, even if the https and padlock are there.

I am very paranoid about this. I invite you to be, too.

This was a good thread to start. It gives us all something to think about.

I invite somebody out there who is far more savvy in this to help. Can bad people run secure sites?

I have found my browser warning me of bogus sites when I thought they would be bad and wanted to test them. I got a notice from my bank and it advised me to log in and check my account. The normal url for my bank, for example, is TonysBank.com. This url that I went to looked exactly like Tonys Bank.com, but the url said something like https://badguys.com/tonysbank.com. My browser bells went off. I logged in anyhow with entirely bogus information and the screen just went dead, didn't move. I had to back out of it to continue enjoying the web. The site had "captured" in private information. I put in bogus stuff. I don't advise this, but I had to play.

We need a guru to help lead us through this and tell us correctly about whether bad guys can run secure sites.

[The Great Fumar]

THANKS TONY

You have a very good point and will take it under advisement ....

However I am comforted by the fact that once I lost my wallet and the person who lifted it returned it with all contents and a note that read "and I quote" "checked your credit and you need this worse than I ", ........

fumar

[tpop1]

I’ve been in the PC business for a while and have come up with a few rules I try to follow in dealing with financial & personal info over the Web. No problems to date!(Jinx - I shouldn’t have said that)

1) I try never to reply to requests for information that arrive via email or ads asking for financial & personal info. I’ve rarely seen a legitimate organization with which I do business, request this type of info be provided via email. Tony explained what’s called phishing, sending of links to fake sites.
If I have any question, I type in the web address that I know to be valid.
In cases where I have any concern; I make contact with the institution in question by email (Not a reply but a new email I address to that organization), by phone call, or by online chat to determine the validity of the request.

2) I only enter financial & personal info into Web sites, that I know to be valid, with https: addresses.

3) I NEVER enter financial & personal info while on unsecure wireless networks….not at home nor at public locations; Starbucks, TV Sales center, etc.

4) I try to remember to change my passwords to my financial site OFTEN!

5) I use PayPal for any transaction where I can; Ebay, Internet Stores, etc.

Sorry for the length, but I hope this helps.

Len

[katezbox]

Len,

I think you and Tony have nailed it.... One caveat (or maybe a double down warning).

Phishers use eBay and PayPal "addresses" to get you to update data. NEVER click on these links. If you get one, open another browser session, and type in the URL (the web page address www.xxxxxxx.com)

You will then see on your home page for these sites if you have nay legitimate messages.

k

[billethkid]

cordless phones in the home and some cell phones. Especially cordless home phones are as easily scanned as turning on your TV set. One can buy an inexpensive scanner at Radio Shack and scan for active phone calls. All they have to do is be near your home in a car with a pad and pencil.

From my corporate days we were always counseled to NEVER discuss sensitive information over either a cordless or cell phone.
And I am sure credit card info is passed every day by many unsuspecting users.

btk

[EdV]

The purpose of the Secure Sockets Layer (SSL) protocol is merely to encrypt the data packets sent between your computer and the target site. As Tony points out, it does not guarantee the integrity of that site.

If you want to get an idea of how many hops a packet takes and where it travels, try running a trace route on your windows or Mac system. In Windows, open up a DOS command prompt window and enter the following: tracert websiteurl (where websiteurl is the name of a target site of your choice such as google.com).

What you’ll see is a hop by hop reporting of the route your packets take to get to the target site. Consider that any unscrupulous person, at any of those intermediate hops, with a laptop and free packet sniffer software can connect to the LAN at that hop site and capture and view the data inside the packets including credit card information and passwords. But packets traveling over the Internet encrypted with SSL cannot be deciphered and are useless to the interceptor.

Regarding using your credit card over the Internet, I just posted a new thread called "Safest way to shop on-line using your credit card" in the general forum. Give it a look for my recommendation on that.