The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
The trust inherent in HTTPS is based on major certificate authorities that come pre-installed in browser software (this is equivalent to saying "I trust certificate authority (e.g. VeriSign/Microsoft/etc.) to tell me whom I should trust"). Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:
1. The user trusts that their browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
2. The user trusts the certificate authority to vouch only for legitimate websites without misleading names.
3. The website provides a valid certificate, which means it was signed by a trusted authority. (an invalid certificate shows a warning in most browsers)
4. The certificate correctly identifies the website (e.g. visiting https://example and receiving a certificate for "Example Inc." and not anything else [see above]).
5. Either the intervening hops on the Internet are trustworthy, or the user trusts the protocol's encryption layer (TLS or SSL) is unbreakable by an eavesdropper.
1. For enabling secure conection (https) in facebook go to Account-->Account Settings
3. Check the Secure Browsing (https) and Save it!
the diffrent bitween secure (https) and unsecre conection look like this on browser window
unsecure-------------------------------------------------->
<--------
The trust inherent in HTTPS is based on major certificate authorities that come pre-installed in browser software (this is equivalent to saying "I trust certificate authority (e.g. VeriSign/Microsoft/etc.) to tell me whom I should trust"). Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:
1. The user trusts that their browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
2. The user trusts the certificate authority to vouch only for legitimate websites without misleading names.
3. The website provides a valid certificate, which means it was signed by a trusted authority. (an invalid certificate shows a warning in most browsers)
4. The certificate correctly identifies the website (e.g. visiting https://example and receiving a certificate for "Example Inc." and not anything else [see above]).
5. Either the intervening hops on the Internet are trustworthy, or the user trusts the protocol's encryption layer (TLS or SSL) is unbreakable by an eavesdropper.
1. For enabling secure conection (https) in facebook go to Account-->Account Settings
2. Click "change" belongs to Account Security
3. Check the Secure Browsing (https) and Save it!
the diffrent bitween secure (https) and unsecre conection look like this on browser window
unsecure-------------------------------------------------->
<--------
Categories:
Facebook Protection
0 comments:
Post a Comment