Online fraud? Network streaking? All because of HTTP?

Time:2021-9-26

Let me tell you a story first. My first love was talked about in junior high school. It’s my back desk. At that time, there were no communication tools such as mobile phones. There were three treasures for class communication, such as kicking my ass, poking my back with a pen and passing notes. Of course, I can only be that ass and back, not the back that can be kicked by my first love.

But to tell the truth, it’s really dangerous to pass on notes, especially this kind of early love note. Being caught is a song “cool”.

Online fraud? Network streaking? All because of HTTP?

In particular, there is a dog egg making trouble between me and my first love. I use the amazing handwriting imitation technology to tamper with the content of small notes all the year round. Often I write “go shopping after school”. In my first love hand, it becomes “do homework after school”. So that I always look forward to school, and then painfully swim in the ocean of homework.

But hero, not to mention the past, I am now an excellent Internet man. I don’t have to pass notes or accept the domination of dog eggs anymore.

Thinking like this, I was caught off guard and found that all the beautiful pictures I took turned into flowers! What the hell is going on?

Beautiful women become like flowers and data are streaking! Talk about what network hijacking is.

If you enter the same URL in the browser, sometimes the same content will not appear. For example, the beauty I met today will become like a flower.

Online fraud? Network streaking? All because of HTTP?

On the left is the picture that will appear in the correct response, while on the right is the flower that appears inexplicably. This is because HTTP was hijacked.

When HTTP is hijacked, although the DNS domain name and IP address remain unchanged, the user‘s request is hijacked during interaction with the website. Before the website returns user information, other requests are returned, resulting in pop-up ads on normal websites and even jumping to other malicious websites. In addition to changes in web page content, HTTP hijacking can also cause the following problems:

  • The user enters the normal web address and jumps to other addresses, which makes the user unable to access normally and the website traffic is damaged;
  • Through pan domain name resolution, a large number of sub domain names are generated to point to other addresses, jump to illegal websites, and reduce the weight of websites;
  • Domain names are resolved to malicious phishing websites, resulting in user property losses and customer complaints;
  • Websites often pop up advertisements, which affect the customer experience and reduce the credibility.

At the same time, there are many types of HTTP hijacking. You can view the detailsWebsite inexplicable jump, what is website hijacking from Baidu

These complex means make people defenseless, but also make the website extremely unsafe. However, for modern society, security is the first element, so that even browsers have evolved to bring their own security monitoring, which can give you security tips when you visit the website.

The link is not secure. The link is not a private link because the link is not HTTPS. Have you noticed?

I believe everyone on the Internet must have seen the following reminder when using 1024g network for high-intensity surfing.

Online fraud? Network streaking? All because of HTTP?

Ah? what? You said you didn’t? Promise me not to use IE again!

Cough, then seriously, this prompt does not appear because it makes people smile. You know, I also know the website. It is simply because the SSL certificate used by the current website is not a formal certificate, or the HTTPS protocol cannot request normally when the certificate has expired.

Since the development of the Internet, HTTP has been the standard protocol for transmitting information on the Internet. The transmitted information can be documents, files, images, videos, etc. between computers in the Internet. In the HTTP request process, there is no identification process between the client and the server, and all data is transmitted in clear text, “streaking” on the Internet, so it is easy to be attacked by hackers.

Therefore, to protect data security in the future, HTTP HTTPS with SSL was born. HTTPS is HTTP + SSL / TLS, which can be understood as adding SSL layer under http. The security basis of HTTPS is SSL. Therefore, SSL is required for the detailed content of encryption for secure http data transmission.

On the whole, compared with HTTP, HTTPS has the following five advantages:

  • Maximize the security of data and transactions on the web;
  • Encrypt user sensitive or confidential information;
  • Improve the ranking in search engines;
  • Avoid the “unsafe” prompt in the browser;
  • Enhance users’ trust in the website.

Security comes first in modern society, so HTTPS plays an important role in modern Internet. It protects our security on the network.

Is HTTPS more secure than HTTP? Why do most websites still use HTTP?

Although the HTTP protocol cannot encrypt data and make all communication data “streaking” in clear text in the network, it is easy to lead to security problems such as data leakage, data tampering, traffic hijacking, phishing attacks and so on. As we all know, HTTPS is used to solve the defects of HTTP plaintext protocol. It adds SSL / TLS protocol on the basis of HTTP, relies on SSL certificate to verify the identity of the server, and establishes an “SSL” channel between the client and the server to ensure the safety of data transportation.

But most websites still choose to use HTTP for access. Don’t they know how good HTTPS is and how important security is? In fact, it’s not. We all know that HTTPS is the most needed form of the Internet. In particular, if you can use full site HTTPS, you can ensure data security and maintain user privacy. However, most websites still use HTTP for the following three reasons:

SSL certificate fee problem: the necessary condition for opening HTTPS is to have SSL certificate, and SSL certificate needs to be purchased. Seeing the word “purchase”, most people will feel that it is inseparable from fee payment, so the website will choose to use unsafe HTTP because it doesn’t want to spend a lot of money on the certificate every year.

Server resource consumption: HTTPS connection takes up a lot of resources on the server side, and the HTTPS handshake takes time. In order not to increase the consumption of server resources, some websites will also choose to give up HTTPS.

Access speed reduction: HTTPS needs more handshakes than HTTP, and it takes some time for users to jump from HTTP to HTTPS, which will slow down the website access. In order to make the website access more smooth, some websites will give up HTTPS.

In fact, if you have a deeper understanding, you will find that the above problems do not exist, or you can solve them through optimization. The optimization method is also very simple. Small partners who want to know canClick to readGet, as long as you finish reading this article, all the problems you worry about will be solved~

Online fraud? Network streaking? All because of HTTP?

Recommended reading

Vernacular popular science series – Chrome browser, have you used it?

Technology selection: Why did we choose Flink for batch processing

Recommended Today

Supervisor

Supervisor [note] Supervisor – H view supervisor command help Supervisorctl – H view supervisorctl command help Supervisorctl help view the action command of supervisorctl Supervisorctl help any action to view the use of this action 1. Introduction Supervisor is a process control system. Generally speaking, it can monitor your process. If the process exits abnormally, […]