One Million Websites with SSL Certificates Are Vulnerable

Around 1 million websites are at risk because they use the SHA-1 hashing algorithm, which security researchers have labeled as insecure. A large number of sites, including banking, government and corporate sector websites, use SHA-1 certificates, which the researchers found most vulnerable.

Paul Mutton, a Netcraft researcher, said: “SHA-1 based certificates are about to be banned – the CA/Browser Forum governing body has ruled no new such certificates can be issued after the start of 2016, and it already bars any existing certificates that are valid beyond the end of 2017.”

Researchers believe that, because of these vulnerabilities, a well-financed hacker can easily impersonate an SSL site that uses a publicly trusted SHA-1 certificate. Worse still, while browsers still accept SHA-1 signatures, SSL sites remain at risk even after migrating to SHA-2: if an attacker were to compromise an intermediate CA certificate signed with SHA-1, he could generate valid certificates for arbitrary domains.

Even after all these concerns over SHA-1, certificate authorities have issued over 120,000 SHA-1 certificates, which Mutton found pretty shocking. From next year onwards, these authorities are forbidden from issuing SHA-1 certificates to new subscribers.

Some of the certificates issued this year have an expiration date beyond 2017, which is very shocking because SHA-1 has been regarded as weak and insecure for some time. The companies or owners who bought these certificates will definitely replace them after this report, before their expiration date.
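The deadlines Mutton quotes and the intermediate-CA exposure described above can be turned into a chain audit. The following is an added example, not code from Netcraft or the article; the record fields, finding names and sample chains are constructed for illustration, and skipping the root is an added assumption.

```python
from datetime import datetime

# Cut-off dates as quoted in the article (CA/Browser Forum ruling).
NO_NEW_SHA1_FROM = datetime(2016, 1, 1)
SHA1_LATEST_EXPIRY = datetime(2017, 12, 31, 23, 59, 59)

def is_sha1(cert):
    return "sha1" in cert["sig_alg"].lower()

def audit_chain(chain):
    """chain is ordered leaf -> intermediates -> root; returns (subject, finding) pairs."""
    findings = []
    for cert in chain:
        # Assumption: the root is skipped because a trust anchor's
        # self-signature is not checked during path validation.
        if cert["role"] == "root" or not is_sha1(cert):
            continue
        findings.append((cert["subject"], "sha1-signature"))
        if cert["not_before"] >= NO_NEW_SHA1_FROM:
            findings.append((cert["subject"], "issued-after-2016-cutoff"))
        if cert["not_after"] > SHA1_LATEST_EXPIRY:
            findings.append((cert["subject"], "valid-beyond-2017"))
    return findings

def migrated_but_exposed(chain):
    """True when the leaf is SHA-2 but an intermediate CA is still SHA-1 signed."""
    return not is_sha1(chain[0]) and any(
        c["role"] == "intermediate" and is_sha1(c) for c in chain[1:])

def cert(subject, role, sig_alg, not_before, not_after):
    return {"subject": subject, "role": role, "sig_alg": sig_alg,
            "not_before": datetime(*not_before), "not_after": datetime(*not_after)}

# Constructed sample chains (hypothetical names, not real certificates).
MIGRATED = [
    cert("www.example.test", "leaf", "sha256WithRSAEncryption", (2015, 9, 1), (2017, 9, 1)),
    cert("Example Intermediate CA", "intermediate", "sha1WithRSAEncryption", (2010, 1, 1), (2020, 1, 1)),
    cert("Example Root CA", "root", "sha1WithRSAEncryption", (2005, 1, 1), (2030, 1, 1)),
]
LEGACY = [
    cert("shop.example.test", "leaf", "sha1WithRSAEncryption", (2015, 6, 1), (2018, 6, 1)),
    cert("Example Intermediate CA G2", "intermediate", "sha256WithRSAEncryption", (2013, 1, 1), (2023, 1, 1)),
    cert("Example Root CA", "root", "sha1WithRSAEncryption", (2005, 1, 1), (2030, 1, 1)),
]

if __name__ == "__main__":
    for name, chain in (("MIGRATED", MIGRATED), ("LEGACY", LEGACY)):
        print(name, audit_chain(chain), "exposed via intermediate:", migrated_but_exposed(chain))
```

The field values would come from whatever tool parses the served chain; the audit logic itself only needs the signature algorithm name, the validity dates and the position in the chain.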

Ehacking Staff