The Dangers of HTTPS: When Secure Is Not Safe
By Eric H. Perkins, Sr. Security Risk Analyst, Edelman Financial Engines
The web, as we know it, is going through a major shift to encrypt all traffic to better secure user data by
fixing many serious vulnerabilities, like eavesdropping and content hijacking. In fact, you’ve probably
noticed that major web browsers even warn you before connecting to a non-secure website. So, when
you see that green lock icon in the URL bar, that means it’s safe, right? Wrong.
Being secure, simply stated, is not the same as being safe. The term “safe” implies the site in question
is free of malware and/or nefarious activity. In the context of your web browser, the term “secure” simply
means that your information is being properly encrypted while connected to the site. It’s this term that is
being visually represented with the green lock icon found on webpages that start with HTTPS, a secure
data networking protocol. Ideally, you want to interact only with sites that are both safe and secure.
The HTTPS protocol was designed to help protect data in motion by encrypting each internet session.
This encryption is what protects your data from being accessed if intercepted. However, it doesn’t ensure
the site is trustworthy, and it wasn’t designed to protect you from malware and/or phishing attempts.