The Insecure Protocol at the Heart of the Web

There are lots of reasons why the world wide web has developed so quickly from its early origins at CERN at the beginning of the 1980s, and many reasons why it has become so popular, but arguably at the core is the transport protocol called HTTP. It is the reason why different clients, servers and devices have been able to communicate with each other so effectively. However, there is a problem with the simplicity of this protocol, which is now a major concern because so much of our lives has moved to the digital realm.

The issue is security, which was not really a concern in the initial development of the web. However, the world has changed and the web is now much more than a few thousand websites passively supplying text pages to our browsers. There are some client-side steps that people can take, and one of the most popular is to use a VPN, which will encrypt your connection. One of the benefits of using these services is that you can even bypass region blocks and watch things like BBC TV abroad.

So precisely how does most of your digital communication get moved around the net? The vast majority uses something called HTTP, which you have almost certainly heard of. HTTP is the transport used by your web requests and is essentially an extremely simple protocol used to deliver HTML webpages. It's not what you could call secure, as it is primarily designed for lightness and speed; you can read about it in more depth in the RFC.

One of the main problems in attempting to keep our details and identity safe and secure when using HTTP is the simple fact that it is predominantly an ASCII-based protocol which operates in plain text.

This is almost brilliantly simple and quick, and it operates at a quite basic level of request and response. HTTP is a mechanism for requesting a resource from a web server (a GET request), to which the server supplies a response, along with the information when possible.

Here's an example of such a request:

GET /index.htm HTTP/1.0

Not exactly difficult stuff, and the worrying fact is that there's no cryptic language to understand and no need to decipher any of the data that passes between your web browser and the web server.
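To make concrete what "no need to decipher" means, here is an added example (not from the original article) that parses one plaintext request and lists the fields anyone on the network path can read. The captured bytes are constructed, and the host, cookie and credentials in them are made-up sample values.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: a login form posted over plain HTTP, as it appears on the
# wire. Host, path, cookie and credentials are made up for illustration.
CAPTURED = (
    b"POST /login.htm HTTP/1.0\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=abc123\r\n"
    b"Authorization: Basic YWxpY2U6czNjcmV0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"user=alice&card=4111111111111111"
)


def exposed_fields(raw: bytes) -> dict:
    """Return what a passive observer can read from one cleartext HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    seen = {"method": method, "target": target, "version": version,
            "host": headers.get("host"), "cookie": headers.get("cookie")}
    # Basic auth is only base64-encoded, not encrypted: decoding needs no key.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        seen["basic_auth"] = base64.b64decode(token).decode("utf-8", "replace")
    # Form bodies are URL-encoded text, so field names and values are readable.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("ascii", "replace"))
        seen["form"] = {k: v[0] for k, v in form.items()}
    return seen


if __name__ == "__main__":
    for field, value in exposed_fields(CAPTURED).items():
        print(f"{field}: {value}")
```

Every value it prints, including the decoded password and the card number, comes straight from the bytes on the wire, which is why credentials and session cookies belong only on encrypted (HTTPS) connections.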

One of the most revealing things you can do to show how insecure the HTTP protocol is for delivering and obtaining data is to connect to a Wi-Fi access point in a coffee shop or hotel, fire up a free sniffer program like Wireshark (despite the fact that I still use Ethereal!) and look at the data that is circulating in the clear.

The same goes for wireless connections: I still can't quite look at one of my neighbours in the same way since I saw some of the websites he visits flying past my sniffer.

There are certainly loads of reasons why HTTP is such an insecure protocol, such as it functioning over the same well-known TCP ports, but we should also remember how staggeringly effective and efficient it is as a delivery mechanism. It has certainly done a damn great job sharing information over the internet, but quite possibly in some cases a little too good!

Source: Using a Residential Proxy
