![]() On its way to my fake login page, the data cannot be tampered with.On its way to my fake login page, the data cannot be read by anyone other than my website and the person who submitted the data.When people submit their username and password on this webpage, everything about what the padlock does mean is still true: Here's an example from the last campaign that we ran - notice the padlock: When we run phishing campaigns at SEM, I make sure that our fake websites have the padlock because it looks safer than a website with no padlock. If you were to browse to something like and see a padlock (don't actually do this), this would not mean that is a good website - just that no one is going to get in the middle of your connection to that website. The padlock does not mean that the website itself is safe. In short, the padlock ensures that no one else is getting involved in the connection between you and the website. In other words, when you browse to and see the padlock, you can be sure that you are actually communicating with "" and not someone else pretending to be "" The website is who they say that areĭon't overthink this one - it just means that the URL you see in the address bar is the actual website that you are communicating with. This is also important for data that comes from the website - without TLS, someone could intercept the data and send you viruses and malware instead of the web page that you were trying to view. Imagine if you submitted an order online for a life-sized Thor action figure, but someone intercepted that data and changed the delivery address - someone else would be receiving the Norse god that you paid for! TLS also guarantees that no one will be able to modify the data. This is true of data that the website sends back to you as well. Another word for this is privacy - anything you send to a website when the padlock is present will be encrypted in such a way that only the website you are sending it to will be able to decrypt. Using the example from earlier: because only you and your friend know how the messages are encrypted, no one else can read the actual content of the messages. This guarantees the three things mentioned earlier: The data cannot be read by anyone else: When you see the padlock, your connection to that website is using TLS. Thankfully our encrypted connections in the real world use a much better method than this - it is called Transport Layer Security, or TLS. Your friend knows this, so when they receive your message they shift each letter back over by 13 places and read your original message. To do this, you rewrite your message in such a way that every letter is shifted over by 13 places - in other words, every 'A' becomes an 'N', every 'B' becomes an 'O', etc. You don't want anyone other than your friend to be able to read this message. You have a message that you want to send to your friend. It may help to start with a basic explanation of what encryption is: The website is exactly who they say they are.The data cannot be read by anyone except you and the website.The padlock means that your connection to the website is encrypted in such a way that: However, there can be some confusion about what this really means - and what it does not mean: What the padlock does mean: encrypted), and no padlock means that the connection is "not secure" (i.e. ![]() These messages are correct - the padlock symbol means that your connection to the website is "secure" (i.e. On the flip-side, you may have noticed what happens when the padlock isn't there, especially in Chrome:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |