Do you trust all HTTPS sites---The Rise in SSL-based Threats

  1. sml156's Avatar
    Posts : 672
    Microsoft Windows 10 Pro 64-bit
       18 Feb 2017 #1

    Do you trust all HTTPS sites---The Rise in SSL-based Threats

    Do you pay attention to the sites you visit, Do you feel safe if you see if you see the HTTPS or safe or secure symbol in your browser.


    The Rise in SSL-based Threats | Zscaler Blog
    The majority of Internet traffic is now encrypted. With the advent of free SSL providers like Letís Encrypt, the move to encryption has become easy and free. On any given day in the Zscaler cloud, more than half of the traffic that inspected uses SSL. It is no surprise, then, that malicious actors have also been using the SSL protocol in their activities over the last several years. The increasing use of SSL creates problems for organizations that are unable to monitor SSL traffic, as they must rely on less-effective techniques like IP and domain blocking in an attempt to identify and block threats.
    I think the the blog post above is a reaction to this
    A group of scientists from the University of Michigan, University of Illinois Urbana-Champaign, University of California Berkeley, International Computer Science Institute, as well as from Mozilla, Cloudflare, and Google, have published a report that reveals that HTTPS scanning can cause new security issues.
    Nick Sullivan - The Security Impact of HTTPS Interception
    The Security Impact of HTTPS Interception

    As HTTPS deployment grows, middlebox and an- tivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this work, we present a comprehensive study on the prevalence and impact of HTTPS in- terception. First, we show that web servers can detect interception by identifying a mismatch between the HTTP User-Agent header and TLS client behavior. We characterize the TLS handshakes of major browsers and popular interception products, which we use to build a set of heuristics to detect interception and identify the responsible product. We deploy these heuristics at three large network providers: (1) Mozilla Firefox update servers, (2) a set of popular e-commerce sites, and (3) the Cloudflare content distribution network. We find more than an order of magnitude more interception than previously estimated and with dramatic impact on connection security. To understand why security suffers, we investigate popular middleboxes and client- side security software, finding that nearly all reduce connection security and many introduce severe vulnerabilities. Drawing on our measurements, we conclude with a discussion on recent proposals to safely monitor HTTPS and recommendations for the security community.
      My ComputerSystem Spec

  2.    18 Feb 2017 #1

    I noticed tenforums has gone https again.

    They tried it, it failed and went back to http. A year ago or so. Whatever was wrong was obviously resolved as now it is https again.

    No I don't think so it is a problem unless you are using Wi-Fi on an airplane or something.

    HTTPS is better than any alternative if you are happy with the network you are connected to is it not?

    These guys seem to think so anyway.

    tls - Is visiting HTTPS websites on a public hotspot secure? - Information Security Stack Exchange

    If you connect to an unknown network then you are vulnerable to any mitm and there is nothing you can do about it. I suppose in that case a Google certificate may not be from Google but self signed ones made up by Gogo. Gogo issues fake HTTPS certificate to users visiting YouTube | Ars Technica
      My ComputerSystem Spec


Related Threads
I'm having this problem and few more for about 2 months, asked my ISP, they renewed my IP and everything, they say it's not their problem. I cannot login to most of my social network accounts because it opens the site in http instead of https IMO,...
Hi all; I have an odd issue with Firefox & Windows 10, with accessing HTTPS websites. The sites are very very slow to load and others do not complete the load cycle. I've had this issue for months now. Just tried the newly released Firefox...
Hi, I'm currently running a Windows 10 Pro PC with a 32-bit architecture. My processor allows for a x64 upgrade, but my system's information shows that my PC is x86 based. Can I still upgrade? I also have 6.00 gigabytes of ram, definitely enough for...
Read more: Firefox ban on SHA-1 dropped after many locked out of HTTPS sites | ZDNet
I have this kind of problem not only with one of my browsers but all those 3 ones installed on my system. Javascript is enabled on Firefox, Chrome and Internet Explorer but I fail when I try to hit log in button of a site or run some scripts. Please...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:57.
Find Us