How do you make sure that your connection is secure? Most people will answer that if they see the green lock sign in the browser’s address bar, that will vouch for their security online. The green pad typically means that the website you are accessing is Hypertext Transfer Protocol Secure (HTTPS), which secures your data and protects you from hacking attempts. HTTPS has gained so much credibility over the years that nearly all established websites now use it to encrypt the data between server and browser.
However, it seems like HTTPS alone is not sufficient to secure the connection as various Researchers in Austria and Italy have discerned that out of the tested 10,000 top websites that use HTTPS, almost 5.5% are still prone to attacks related to Transport Layer Security (TLS).
If you are not aware of TLS (FKA SSL), it is used for encrypting the communication protocol in HTTPS. The researchers believe that the discovered flaws are due to faulty implementation of the TLS encryption schemes and some buds not being patched.
These flaws are nearly impossible to detect as from the surface, everything seems normal. The green lock sign still appears in the address bar. They were discovered by researchers using TLS analysis methods. The selection of the top 10,000 websites was based on Alexa’s rankings.
Although most of these flaws do not allow a hacker to dig deep into critical information such as passwords etc. and only access to limited information is provided, some are so severe that attackers may utilize them to decrypt nearly the entire Web Traffic passing between a server and browser. In addition to that, there are vulnerabilities as well that are well-equipped to be utilized to decrypt and alter the passing data. Ironically, these attacks were the reason for HTTPS to be introduced in the first place.
Let’s talk about the numbers. According to the researchers, there are almost 91,000 domains associated with the tested 10,000 websites, which can result in the number of affected websites to rise due to these HTTPS flaws. Moreover, 898 of the tested websites were found completely prone to being jeopardized, while 977 websites, although better secured than the ones previous mentioned, were still hackable to some extent.
You are suggested to check out the full research paper, once it comes out in May (after the 40th IEEE Symposium on Security and Privacy).
Read Next: Study Shows That Internet Users Prefer Private Messaging Apps To Share Content
However, it seems like HTTPS alone is not sufficient to secure the connection as various Researchers in Austria and Italy have discerned that out of the tested 10,000 top websites that use HTTPS, almost 5.5% are still prone to attacks related to Transport Layer Security (TLS).
If you are not aware of TLS (FKA SSL), it is used for encrypting the communication protocol in HTTPS. The researchers believe that the discovered flaws are due to faulty implementation of the TLS encryption schemes and some buds not being patched.
These flaws are nearly impossible to detect as from the surface, everything seems normal. The green lock sign still appears in the address bar. They were discovered by researchers using TLS analysis methods. The selection of the top 10,000 websites was based on Alexa’s rankings.
Although most of these flaws do not allow a hacker to dig deep into critical information such as passwords etc. and only access to limited information is provided, some are so severe that attackers may utilize them to decrypt nearly the entire Web Traffic passing between a server and browser. In addition to that, there are vulnerabilities as well that are well-equipped to be utilized to decrypt and alter the passing data. Ironically, these attacks were the reason for HTTPS to be introduced in the first place.
Let’s talk about the numbers. According to the researchers, there are almost 91,000 domains associated with the tested 10,000 websites, which can result in the number of affected websites to rise due to these HTTPS flaws. Moreover, 898 of the tested websites were found completely prone to being jeopardized, while 977 websites, although better secured than the ones previous mentioned, were still hackable to some extent.
You are suggested to check out the full research paper, once it comes out in May (after the 40th IEEE Symposium on Security and Privacy).
Read Next: Study Shows That Internet Users Prefer Private Messaging Apps To Share Content