-2

HTTPS websites cover some security requirements and certify the author, but how can we be sure that an author of such an HTTPS website is not malicious?

SilverlightFox
Prometheus
  • Welcome to this website. You say: *uses its own protocol for not malicious actions ?* Can you please elaborate more by editing your question? It is not clear what you are asking. –  Aug 14 '15 at 14:53
  • Greetings, I mean if it is possible for someone to use HTTPS like a bait for clients and cheat them. – Prometheus Aug 14 '15 at 14:56

3 Answers

0

All an authenticated HTTPS connection does is validate that, if https://www.example.com is shown in the address bar, you are in fact connected to www.example.com.

The certificate does not certify that www.example.com is not malicious in any way. An Extended Validation Certificate with a green highlight shown around the address bar will allow you to know the actual organisation behind the site, so if you trust them you can trust the website. There are also Organisation Verified certificates; however, it is hard for regular users to distinguish these from Domain Verified certificates.

DV certs are very easy to get hold of - so unless you know and trust the domain of the site already, you should not afford any additional trust in the site just because it uses HTTPS.

SilverlightFox
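The DV, OV and EV distinction drawn in the answer above can be read from the certificate's subject. The following is an added example, not part of the original answer: it classifies the dict returned by Python's `ssl.SSLSocket.getpeercert()` using a subject-field heuristic. The function names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV guidelines require in an EV certificate.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the RDN tuples of getpeercert()['subject'] into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def classify_validation(cert):
    """Heuristic validation level from the subject alone.

    Returns (level, organisation). The authoritative marker is the
    certificatePolicies OID, which getpeercert() does not expose.
    """
    subject = subject_fields(cert)
    org = subject.get("organizationName")
    if org is None:
        return "DV", None  # only control of the domain was checked
    if EV_FIELDS.issubset(subject):
        return "EV", org   # organisation vetted to the EV standard
    return "OV", org       # organisation vetted, looks like DV in the browser


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live, chain- and hostname-verified certificate (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in the shape getpeercert() returns.
DV_CERT = {"subject": ((("commonName", "www.example.com"),),)}
OV_CERT = {"subject": ((("countryName", "GB"),),
                       (("organizationName", "Example Ltd"),),
                       (("commonName", "www.example.com"),))}
EV_CERT = {"subject": ((("jurisdictionCountryName", "GB"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "01234567"),),
                       (("organizationName", "Example Ltd"),),
                       (("commonName", "www.example.com"),))}

if __name__ == "__main__":
    for label, cert in (("dv", DV_CERT), ("ov", OV_CERT), ("ev", EV_CERT)):
        level, org = classify_validation(cert)
        print(f"{label}: {level}, vetted organisation: {org or 'none'}")
```

The result only tells you which identity the CA checked; none of the three levels says anything about whether the site's content is benign.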
0

If the website uses HTTPS you can theoretically be sure (day 0 exploit excluded) that you are visiting the website you see in the URL and that nobody can see your exchange.

This doesn't mean the site isn't malicious, corrupted or insecure in a way that can harm you.

0

The communication between you (your browser) and the server using HTTPS is secure in that case (of course, we suppose you are not a victim of some scenario like a MITM attack). The certificate ensures you are communicating with the right website, nothing more. But HTTPS is not responsible for the nature of the content of this communication: by nature of the content, I mean the website can deliver you malware either directly, by tricking you, for instance, into downloading a virus, or by elaborating a more sophisticated method such as a drive-by download attack.