A new fault has been discover by 2 security researchers and according to them websites that uses HTTPS connexions are not necessarily secured depend less of the network to which you're connected. According to the speech of Itzik Kotler and Amit Klein at the security conference in Vegas, "We will demonstrate that by forcing your browser / system to use the Automatic Proxy Configuration file or .PAC malicious file, it is possible to retrieve a URL in HTTPS data," said the two researchers. The vulnerability potentially affects Windows, Linux and Mac regardless of the browser: IE, Safari and Chrome. But do not worry regarding your connections at home or at work. If you connect to a secure network, you are not affected. In contrast, it is something that supposedly owners free Wi-Fi networks could set up as part of a phishing operation". Therefore, with the correct configuration a malicious network can discover any URL you're visiting However the contents of these url aren't reveal. Still you're not out of trouble. Developers are fund of integrating our IDs and password directly to URLs in HTTPS with the reason that they are protected by the HTTPS encryption. So the only way to protect yourself now is to avoid connecting to public networks
and to keep your home network secure. You can do this by for example changing your SSID and password every months.
Comments
|
|