Example: [Collected via e-mail, January 2009]
FIRST, MANY PEOPLE ARE UNAWARE OF
**The main difference between http:// and https:// is It's all about keeping you secure**
HTTP stands for HyperText Transport Protocol, Which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. The important thing is the letter S which makes the difference between HTTP and HTTPS.
The S (big surprise) stands for "Secure". If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.
This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an http website! But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.
You understand why this is so important, right?
If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number.
PASS IT ON (You may save someone a lot of grief).
Origins: The information presented above (which was penned by Douglas Twitchell and posted to his web site in 2007) is generally correct: Accessing a web site through a URL that begins with the https:// protocol identifier indicates that information is being transmitted via Secure HTTP
Certainly using an unsecure (http://) connection to send sensitive information is a situation best avoided. However, due to proliferation of digital spoofing schemes, a secure (https://) connection is not necessarily an absolute guarantee of
A February 2011 alert warned that:
While the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser's cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.
The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with "https" rather than "http."
Last updated: 25 February 2011
Murphy, Kate. "New Hacking Tools Pose Bigger Threats to Wi-Fi Users." The New York Times. 16 February 2011.