Should we be telling people to look for the lock symbol or the HTTPS in URLS? Articles say no

Hi all, I was doing some reading on my RSS feeds, and came across a few items that may be good for some discussion. To start, we’ve advised in various circles to look (if visual) or determine (if blind) if the site was secure either by a lock symbol in your tool bar or the HTTPS in the URL to symbolize the URL is safe. According to Krebs On Security, an article that is entitled Half of all Phishing Sites Now Have the Padlock and this can’t be good. This article talks about something called Unicode, and the domain system is allowing this. Firefox is the only browser that will happily go to these pages and will convert these in to characters it understands. What jumps out at me is the fact that we’re going secure, and the people who pedle these wares know this. To seem legitiment, they will of course get their site secure. With services like Lets Encrypt, it is now free to encrypt any domain as long as it is hosted somewhere.

The other article which is not too late to post, talks about shopping online. This article was posted the 23rd, and it has some great tips. While Amazon is mostly safe, there are people who could come on to their platform to sell things, or compromise an existing merchant account with Amazon. While Amazon refunded the money in this instant, checking the who is directory is a great idea if you know where to look.

I did have two sites in my bookmarks, but it seems like I’m having trouble with these particular URL’s. <a href=”http://www.ultrahost.usUltrahost has a domain lookup tool, which works quite well. The first box is for the portion of the domain, the second is a combo box asking for the top level (tld) such as .com, .org, .net, etc. How to Shop Online Like a Security Pro is the article that I read in regards to checking domains as well as making sure you’re on a reputable site.

The reason Brian indicates to look at the registry is simple. New sellers will have their domain up within recent months. If you’ve been around selling things awhile, your domain will show this, as it records when the domain was first baught, and when it is set to expire.

My web site for example, was baught in 2008, and white cane travel in 2014. While neither of my sites sell anything, I’m using them as reference points so you understand how valuable this could be.

Most people may not go through this trouble, but as has been demonstrated, your common merchant could be compromised, although it has happened in store, and not necessarily online. The point here is to be as careful as possible, and trust your gut.

Please have a happy and safe shopping season, and thanks for reading the blog!


Discover more from The Technology blog and podcast

Subscribe to get the latest posts sent to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.