Why HTTPS and SSL are not as secure as you think

SSLIn this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as “browsing with https://”.

The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies – or anybody else with enough knowledge about how these supposedly “secure” connections actually work.

It’s true that connecting to web sites with SSL will certainly prevent “script kiddies” and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it…

We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.

This issue is, after all, so extremely important that I think everyone needs to understand what is really going on, and how web security actually works, without needing a PhD in cryptography, computer science, or engineering!

(more…)