Every time you visit a website, information is flowing between your device and a server out there somewhere. In the early days of the internet, most all that information was transmitted "in the clear," also known as "cleartext," meaning unencrypted. Cleartext, if intercepted, can be easily read. That means a third party could monitor the content you're accessing. That's kind of like someone knowing what books you've checked out of the library, and even what chapters you've specifically looked at. Creepy! Ain't nobody's business but your own. If that doesn't concern you, consider what happens when the data transmitted includes sensitive information like usernames and passwords.
That's why, in recent years, we've seen more and more sites serving content over a secure connection. The mechanics of these transactions are quite fascinating, but the important point is that the information flowing between you and the server is encrypted. If it's intercepted, it's going to be difficult for that mysterious third party to figure out exactly what content was being transmitted. In short, encrypted sites are much more secure.
Encryption is so easy and so valuable, in fact, that it's becoming the rule rather than the exception. Google (the most popular search engine) gives preference in its search results to sites that serve their content securely. Chrome (the most popular web browser) flags insecure sites. The web is in transition. Truly pervasive encryption is not here yet, but it looks like the way of the future.
CAT+FD got with the program last year. With some help from our friends in ITC, we started encrypting all content from cat.xula.edu. You probably never noticed, but that makes our site a little more secure than it was.
So how do you tell? How can the average user distinguish a site that's encrypted from one that isn't? ...continue reading "Just Encryption Part 1: Web Basics"