HTTPS is the protocol that is getting a lot of attention these days. As more browsers migrate toward supporting it in meaningful ways — like by not connecting to sites that do not offer it — it would be easy for a user to think that once HTTPS has been implemented, everything security-related is taken care of.
That is not the case.
In fact, one of the major problems affecting HTTPS right now is that users think that it does more than it actually does, than it was designed to do.
A simple example of this would be when some page connects with HTTPS to a browser but has a link to an image on another server embedded in it. The page is sent to the user HTTPS encrypted and all. Yet on the page served to the browser, it also serves up the link to the image - an image file may or may not contain malicious code.
The user would have no