One Million Websites With SSL Certificates Are Vulnerable

Around 1 million websites are at security risk because they use the SHA-1 hashing algorithm, which security researchers have labelled insecure. A large number of sites, including banking, government and corporate sector websites, carry SHA-1 certificates, which the researchers found to be the most vulnerable.

Paul Mutton, a Netcraft researcher, said: “SHA-1 based certificates are about to be banned – the CA/Browser Forum governing body has ruled no new such certificates can be issued after the start of 2016, and it already bars any existing certificates that are valid beyond the end of 2017.”

Researchers believe that, because of these weaknesses, a well-financed attacker could impersonate an SSL site that uses a publicly trusted SHA-1 certificate. Worse still, while browsers still accept SHA-1 signatures, SSL sites remain at risk even after migrating to SHA-2: if an attacker were to compromise an intermediate CA certificate signed with SHA-1, he could generate valid certificates for arbitrary domains.

Even after all these concerns over SHA-1, certificate authorities have issued over 120,000 SHA-1 certificates, which Mutton found pretty shocking. But from next year onwards these authorities are forbidden from issuing SHA-1 certificates to new subscribers.

Some of the certificates issued this year have an expiration date beyond 2017, which is very surprising because SHA-1 has been regarded as weak and insecure for some time. The companies or owners who bought these certificates will have to replace them before their expiration date in light of this report.
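A site owner can check for the two problems the article describes (a SHA-1 signature, and a validity period running past the end of 2017) directly in a certificate's DER encoding. The following is an added example, not code from the article or from Netcraft: a minimal ASN.1 walker that reads the outer signatureAlgorithm and the notAfter field, plus a tiny encoder used only to construct an unsigned stand-in certificate to run it on. The OIDs listed are the standard SHA-1 signature algorithm identifiers; the sample dates and serial number are constructed.

```python
# Added example: audit a DER-encoded X.509 certificate for SHA-1 signatures and post-2017 expiry.
from datetime import datetime, timezone

SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10040.4.3": "dsaWithSHA1", "1.2.840.10045.4.1": "ecdsa-with-SHA1"}
CUTOFF = datetime(2017, 12, 31, 23, 59, 59, tzinfo=timezone.utc)  # CA/Browser Forum sunset date

def read_tlv(buf, pos=0):                   # decode one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # split a SEQUENCE body into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, body, pos = read_tlv(value, pos)
        out.append((tag, body))
    return out

def decode_oid(body):                       # first byte packs two arcs; the rest are base-128
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def audit_der(cert):
    """Report the signing algorithm, expiry, and whether the cert violates the SHA-1 rules."""
    (_, tbs), (_, sig_alg), _ = children(read_tlv(cert)[1])   # tbsCertificate, signatureAlgorithm, signature
    fields = children(tbs)
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    tag, not_after = children(fields[3][1])[1]   # fields: serial, sigAlg, issuer, validity, ...
    fmt = "%Y%m%d%H%M%SZ" if tag == 0x18 else "%y%m%d%H%M%SZ"  # GeneralizedTime vs UTCTime
    expiry = datetime.strptime(not_after.decode(), fmt).replace(tzinfo=timezone.utc)
    oid = decode_oid(children(sig_alg)[0][1])   # use the OUTER algorithm: what the CA really signed with
    is_sha1 = oid in SHA1_SIG_OIDS
    return {"algorithm": SHA1_SIG_OIDS.get(oid, oid), "sha1": is_sha1,
            "not_after": expiry, "flagged": is_sha1 and expiry > CUTOFF}

def tlv(tag, body):                         # tiny DER encoder, only for the constructed sample below
    n = len(body)
    return (bytes([tag, n]) if n < 0x80 else bytes([tag, 0x81, n])) + body

def sample_cert(sig_oid_hex, not_after):    # constructed, unsigned stand-in: enough structure to audit
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    validity = tlv(0x30, tlv(0x17, b"150101000000Z") + tlv(0x17, not_after))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00") + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") + validity + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

SHA1_RSA, SHA256_RSA = "2a864886f70d010105", "2a864886f70d01010b"   # sha1WithRSA, sha256WithRSA OIDs
```

On a real certificate, feed `audit_der` the DER bytes (for example `ssl.PEM_cert_to_DER_cert(pem)` from the standard library); a "sha1" result on any certificate in the chain, intermediates included, is the exposure the article describes.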

Ehacking Staff