Hawaii Intelligence Digest, 29 March 2017, 03:25 hrs, UTC, Post #154.
Author: Mark Maunder, Wordfence Security Founder & CEO. Release date: 27 March 2017.
Accessed on 29 March 2017, 03:25 hrs, UTC.
Please click link to read the full report.
In this edition of “Hawaii Intelligence Digest”, I’ll focus on a bit of cybersecurity for your personal and business websites. In addition to the threats of ransomware, malware, data theft, and various phishing scams, your online data are now vulnerable to further exploits by cyber criminals because of a tool originally designed to encrypt your sites during your business and personal dealings on the internet.
Many of you are aware that browsers including Chrome, Firefox, Edge, Safari, and even Internet Explorer are urging you to have an “https” prefix before your URL to ensure encrypted transmission of your data. While this prefix certainly adds a layer of security to your web presence, the analysts at Wordfence Security have found that malicious phishing sites are getting valid SSL certificates from certificate authorities. While browsers such as Chrome eventually remove these scams, so-called “secure” sites can remain dangerous until they are officially removed from the internet. The delay in removing these phishing sites can expose your blogs and websites to damage.
This well-written article by Wordfence Security Founder & CEO Mark Maunder explains how to protect yourself, your friends, and your family against the growing number of phishing sites that are installing bogus “secure” certificates on the internet.
Specifically, Mr. Maunder recommends the following:
“What should you do to ensure you stay safe on the web?
The best way to protect yourself against malicious sites, in this case, is to check your web browser’s location bar and read the full website hostname that appears there.
Look at the location bar above. You should see ‘https://www.wordfence.com/….’. When visiting any website that you plan to exchange sensitive data with, check the full hostname after ‘https://’ and before the next forward slash. If you don’t recognize it or if it looks like it has some weird stuff on the end, close the window immediately and think carefully about how you ended up on that website.
Avoid clicking whatever link brought you to that website again.”
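The hostname check described above can also be automated, for example in a script that screens links before anyone opens them. The JavaScript below is an added example, not code from Wordfence or from this blog; the allowlist, the function name `inspectUrl`, and every hostname other than www.wordfence.com are assumptions constructed for illustration.

```javascript
// Added example. Allowlist of hostnames the reader actually does business with
// (assumption: maintained by the reader; only www.wordfence.com is from the article).
const TRUSTED_HOSTS = new Set(["www.wordfence.com"]);

// Returns the hostname the browser will really connect to, plus a verdict.
function inspectUrl(urlString, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { hostname: null, verdict: "unparseable", reasons: [] };
  }
  // url.hostname is the part after "https://" (and after any "user@" prefix)
  // up to the port or the next forward slash: the part the article says to read.
  const hostname = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { hostname, verdict: "not-https", reasons: [] };
  }
  if (trusted.has(hostname)) {
    return { hostname, verdict: "trusted", reasons: [] };
  }
  const reasons = [];
  // Text before "@" is not the hostname, even if it looks like one.
  if (url.username || url.password) reasons.push("userinfo-before-host");
  // A trusted name followed by extra labels ("weird stuff on the end").
  for (const t of trusted) {
    if (hostname.startsWith(t + ".") || hostname.includes("." + t + ".")) {
      reasons.push("trusted-name-not-at-end");
    }
  }
  return { hostname, verdict: "unrecognized", reasons };
}

// Constructed sample URLs (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://www.wordfence.com/blog/",
  "https://www.wordfence.com.secure-login.example.net/account",
  "https://www.wordfence.com@login.example.net/",
  "http://www.wordfence.com/",
];
for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(`${r.verdict.padEnd(13)} ${r.hostname}  ${r.reasons.join(",")}`);
}
```

A valid certificate and a “Secure” label say nothing about whether the hostname is one you recognize, which is why the verdict here depends only on the hostname and the allowlist.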
“What can Google Chrome do to improve security?
In my opinion Google actually does a pretty good job of staying on top of things. They responded quickly to our post earlier this year about a new Gmail phishing scam. They reached out to contact us and fixed the issue.
Chrome must start looking up certificate revocation lists in real-time to fix the Comodo certificate issue we showed above. Having Chrome show a revoked certificate as “Secure” is not acceptable. However, doing this has performance penalties for Chrome users and it may also have privacy implications as websites that are visited are sent to CAs during the lookup. So it’s not a simple fix.
I’d like to see the Google Safe Browsing (GSB) team using certificate relationships as we have used above to identify other malicious domains that should be on the GSB. They may be able to automate this. This will speed up the time it takes to get malicious sites listed on the GSB.
I don’t think the “Secure” designator in the Chrome location bar is good enough. The Chrome team should consider a sliding scale that takes into account who the CA is, how many domains share the same certificate and the age of a domain and its certificate. There are other signals they can probably incorporate to produce a security score, rather than just a binary “Secure” or “Not Secure” designator for websites.”
For the latest trends in geopolitical intelligence, strategic forecasting, terrorism, and cybersecurity, please visit my Daily Intelligence Briefing at:
For more information on the above topics, please check out the blog sidebars. These news feeds are updated daily.
Opinions expressed in this blog are mine unless otherwise stated.
Thanks for joining us today!
Until next time,
Hawaii Intelligence Digest