I keep trying to go to [noparse]http://www.google.com, and it keeps getting redirected to https://www.google.com[/noparse] Is this just an alternate format or is a virus sending my browser to a clone site?
it’s intentional:
https means it’s a secure (encrypted) connection.
https://www.google.com/ is legit, the encrypted version of http://www.google.com/.
Your browser should give you an indication of whether or not it trusts that the site is the real one - a padlock icon or a company name near the address bar. Click on it.
Big relief! Thanks all.
FYI, given that the URL itself is the same, the preceding protocol signifier (http vs https) cannot mean you’ve been sent to another site. It just means you are attempting to use a different protocol to the same site.
I only get the https when I’m signed in with my gmail account.
Look in the upper right. Is your computer signed in?
Good to know; although a really sneaky virus could fake the displayed address altogether and let a third-party site pass through one’s searches to and from Google. Has this in fact been done?
There’s a thing called DNS cache poisoning. Basically, www.google.com is meaningless to a computer. The computer needs to convert that into numbers. It does that through the Domain Name System (DNS). The computer sends www.google.com to the DNS server, and the server sends back the numbers to your computer.
There are a small number of root DNS servers that contain the “master list” for the entire internet. This list gets distributed out to the DNS servers that your internet provider uses. If someone can hack into your internet provider’s system and change the numbers in that list, they can redirect all of your google searches through their own system and do whatever they want with the data going back and forth. Since your ISP’s list is referred to as a “cached” list (it’s just a copy of the original from the root DNS servers) this is called DNS cache poisoning.
The bad part about it is that it can affect you even though your own system doesn’t have a virus.
DNS lookup starts with your computer, and goes up through the chain of DNS servers until it reaches the root DNS servers if necessary. Another type of malware can intercept the DNS search on your own computer and give it a false number.
Both of these types of redirects to malicious sites are common.
Yeah, and server side processing is supposed to more secure.
You can’t protect against somebody who has successful root to a server that you count on to be OK.
You count on them because security is what you are paying for along with bandwidth and storage.
How common is this?
The distinction between http:///sitename and https://sitename is not affected by that consideration. If the latter was hijacked elsewhere then so would the former be.