I had a friend ask me this on Facebook and my answer was so long I figured I might as well post it here as well.

Question: What’s the difference between http and https and does the lack of “s” mean I can be hacked?


Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol Secure (HTTPS)

HTTP transmits data in clear text. Someone like myself who knows some networking tricks can find out things like which websites you are visiting and any data you send, but only if they are on the same network as you. If you are at home on your encrypted wireless, you have nothing to worry about, because the network connection is secure and no one else is on your network. The chances of someone out on the internet snooping on your traffic are lower, because all the hardware running the internet is physically secured.

With HTTPS, all data between your computer and the server is encrypted. The level of encryption can vary from site to site, and you need to be using a new web browser to use the higher levels of encryption. You also need to make sure that any HTTPS sites you are on don’t have a certificate error (most browsers will warn you if there is a problem). Oh, and if you run HTTPS over a secure Wi-Fi network, your data is double encrypted.

Now, all encryption CAN be broken; it just might take some time. People are not going to spend months of computer processing time to find your password.

So what can you do? Make sure that whenever possible you are using HTTPS (Facebook, Twitter, Google, and banking sites all support this). Some sites don’t support it because of money; it can cost as much as $500 per year per site to get the SSL certificate used to secure the connection. Most sites will force you over to HTTPS without you noticing.
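
To see what "forcing you over to HTTPS" looks like on the wire, here is an added example (not part of the original answer) that classifies a site's reply to a plain HTTP request and reads the Strict-Transport-Security header, which tells the browser to use HTTPS on later visits. It goes slightly beyond the text by covering that header; the responses and the host name shop.example are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured from any real site).
HTTP_REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
                 b"Location: https://shop.example/\r\n\r\n")
HTTP_PLAIN = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: text/html\r\n\r\n<form>card number</form>")
HTTPS_WITH_HSTS = (b"HTTP/1.1 200 OK\r\n"
                   b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers


def http_verdict(raw):
    """Classify the answer a site gives to a request for http://site/."""
    status, headers = parse_head(raw)
    if status in (301, 302, 303, 307, 308):
        # A redirect only protects you if it points at an https:// URL.
        scheme = urlsplit(headers.get("location", "")).scheme.lower()
        return "forced-to-https" if scheme == "https" else "redirect-stays-on-http"
    return "served-over-http"  # page content was sent in clear text


def hsts_max_age(raw):
    """Seconds the browser is told to use HTTPS only; 0 if no HSTS header."""
    _, headers = parse_head(raw)
    for part in headers.get("strict-transport-security", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return 0


if __name__ == "__main__":
    print(http_verdict(HTTP_REDIRECT), http_verdict(HTTP_PLAIN),
          hsts_max_age(HTTPS_WITH_HSTS))
```

Note that the redirect itself is answered over HTTP, so the very first request still travels in clear text; the Strict-Transport-Security header is what lets the browser skip that step on later visits.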

So whenever you are about to enter your credit card number into a website, it is up to you to make sure it says HTTPS in the address bar.

