Think that URL is SAFE? Think that website is SECURE? Think again!

When Secure is not Safe!

I received one of my regular ‘news’ emails today with a link to the Wordfence Blog; nothing unusual there! The title “‘Secure’ in Chrome Browser Does Not Mean ‘Safe’” caught my eye however, as although I don’t regularly use Chrome, according to GlobalStats over 50% of web users do. A quick click and read highlighted some worrying issue, in that some Certification Authorities have issued SSL certificates (Allowing use of the ‘secure’ HTTPS protocol) to known malicious websites! When the certificates are revoked, the websites are still being shown in the chrome URL Bar as ‘secure’.

Chrome 'secure' URL status

© 2017 Feedjit Inc

SSL Certificate relationships

© 2017 Feedjit Inc
Click to enlarge

More worryingly is a lot of these SSL certificates are interlinked to multiple domains!  The chart here shows known Phishing domains with the red links being those domains marked as malicious by Google.  Un-marked domains are in green. If you look closer you will see most of these domains are trying to ‘spoof’ either google.com or microsoft.com.

If you want to read the technical detail please visit the Wordfence Blog, and please also educate your friends and family to look closely at website URLs, and not blindly trust the little Green Padlock!

And yes, SMH Technology Solutions website is secure!

Browser URL bar with SECURE SSL status

Tagged with: , ,

Leave a Reply