Latest revision |
Your text |
Line 8: |
Line 8: |
| | | |
| ==Explanation== | | ==Explanation== |
− | | + | {{incomplete|Created by a RECURSIVE REDLINE - Please change this comment when editing this page. Do NOT delete this tag too soon.}} |
− | This comic pokes fun at the lack of security implied by an unverified {{w|https}} connection as implied by the "red line through (<span style="color:red"><s>https</s></span>)". https is an extension to the http protocol which (among other things) verifies that the server owns the domain name. “Insecure” https is usually caused by invalid TLS certificates, which can be an indication that an attacker is intercepting the connection (the attacker doesn’t have access to the certificates). However reasons for “insecure” https are often caused by benign reasons:
| |
− | | |
− | * The certificates expired, and the site maintainers have not asked for new certificates.
| |
− | * The certificates are self-signed by the owners.
| |
− | * The client has an outdated list of CA certificates.
| |
− | | |
− | A comprehensive list of reasons associated with server misconfigurations can be found on [https://badssl.com/ badssl].
| |
− | | |
− | Although a lack of the https protocol in a web process does allow for third party tampering and deception, it also implies that the site is rather old; and, if it has been maintained for this long, it is probably not malicious, as most malicious sites are either reported and taken down or allowed to become defunct by their operators after a short amount of time.
| |
− | | |
− | The title text essentially explains the joke, noting that maintaining a website costs money and that there are regulatory agencies responsible for taking down sketchy domains, and so if a website is still up despite these obstacles, it is probably trustworthy.
| |
− | | |
− | A similar question was asked on [[1256: Questions]].
| |
| | | |
| ==Transcript== | | ==Transcript== |
− | :[White Hat is sitting in an office chair at his desk facing his laptop while Cueball is standing behind him looking over his shoulder.] | + | {{incomplete transcript|Do NOT delete this tag too soon.}} |
| + | :[White Hat sits at a desk facing his laptop with Cueball standing behind him looking over his shoulder.] |
| :White Hat: What does the red line through https mean? | | :White Hat: What does the red line through https mean? |
| :Cueball: Oh, just that the site hasn't been updated since 2015 or so. | | :Cueball: Oh, just that the site hasn't been updated since 2015 or so. |
| :Cueball: And since it's been around that long it means it's probably legit. | | :Cueball: And since it's been around that long it means it's probably legit. |
| + | |
| | | |
| {{comic discussion}} | | {{comic discussion}} |
− |
| |
− | [[Category:Comics featuring White Hat]]
| |
− | [[Category:Comics featuring Cueball]]
| |
− | [[Category:Computer security]]
| |
− | [[Category:Internet]]
| |