Recently, a string of attacks against SSL encryption have undercut HTTPS privacy on the Internet. Want to know if the sites you use frequently are vulnerable to these hacks? Here’s an easy way to find out.
HTTPS encryption is a great way to make your online activity more private, but only if it actually works. Even if you have an extension like HTTPS Everywhere installed in your browser, it won’t do you any good if the websites you are visiting are using insecure implementations of SSL, the encryption scheme that makes HTTPS possible.
Unfortunately, HTTPS is no longer as reliable as it once was. Over the past two years, security researchers have discovered a number of major security vulnerabilities in software packages (especially the open source OpenSSL library) that are used to provide HTTPS encryption on websites.
Some of them have been more serious than others — Heartbleed was the worst — but all make it possible for attackers under certain circumstances to decrypt data when it is being passed between your computer and a website.
That means information that would otherwise stay private could be read by third parties — including not only eavesdroppers on your local network or wifi connection but also, in some cases, anyone on the Internet who is able to intercept the data.
So, how can you know if the websites you visit are subject to any of the major vulnerabilities that affect HTTPs? Zerocopter, a security company, has released a vulnerability scanner that checks a given website for potential issues.
There are some downsides and limitations. For one, the tool makes you enter an email address to get results. For another, this won’t help you discover SSL-related vulnerabilities in apps you use that are not Web-based. (Some of the recent SSL bugs affect things like email, not just HTTPS for websites.) And of course, Zerocopter can’t absolutely guarantee that a site is free from threats.
But in a world where it has become harder than ever to assume that HTTPS is actually keeping your online activity private, the Zerocopter vulnerability scanner can come in handy.