HTTPS or Not


Many of you know about the popular website called LinkedIn. It’s a sort of social network for businesses and people looking to make contact with each other. You can post your detailed resume to the site so potential employers can easily see things about you. It also allows you to network with others, which could be beneficial in landing that job that you want.

Well, just as other sites have fallen victim to cyber-attacks recently, it has been brought to light that LinkedIn had been particularly vulnerable from past years till earlier this year and it had been up to the end-user to make it not vulnerable. By default your login had started with an HTTPS connection and ended with a non-HTTPS connection. What this means is if there was someone on your home network, the local coffee shop you like to frequent, or any other open network, wireless or wired, that you had been using, they could have easily grabbed your login name and password without you even knowing.

While no financial data is on your LinkedIn account, a would-be attacker could gather quite a lot of information on you that would be very helpful in breaking into other accounts you have elsewhere.  LinkedIn has stated that all customers in the U.S. and E.U. have been now protected against these types of attacks, called “man in the middle,” starting in February of this year, with HTTPS connections always on by default. What is unclear and why this has been brought to light is that customers from any other area of the world maybe still unprotected with no HTTPS connections by default.

While this is a fairly standard issue in terms of security, it brings up a good point. You should always be checking sites that you log into that store personal information or are otherwise critical always use HTTPS connections, not just when you login. This type of connection encrypts any and all traffic that is sent from your computer browser to the hosting server of the site. You have to make it that much more difficult for attackers to successfully gain access to your information.

To do this on most sites, including LinkedIn (if they don’t use HTTPS already automatically), you simply go to your account and settings looking for the option to enable HTTPS connections. Most sites these days do this automatically but even some that you wouldn’t expect (LinkedIn in this case) still do not and leave this up to you, the end user, to do.  However it is still good to make sure this is working for you.

Stay Safe!