Hackers Use SSL Certificates to Launch Malware Attack – Disposable mail news



The latest report published by Meno Security indicates that 52% of the top one million websites have “HTTPS” in their URL, not traditional “HTTP.” 

Despite this, the data says that these organizations that don’t conduct satisfactory SSL reviews are more vulnerable to breaches and cyberattacks.

According to recent research, hackers, while creating phishing websites, now use SSL as well, which endangers the organization’s effort to keep its workers safe. In 96.7% of all user-initiated website visits that work over HTTPS, a mere 58% (approx) of the URL connections are HTTPs in the email, which indicates that firewalls and proxies are unaware of the threat until the organizations conduct an SSL investigation.

If the users are in the illusion that the green lock sign of HTTPS means they are safe, they might want to consider it again, for the hackers use the encryption too. Many people still think that as long as they have an SSL certificate, their webspace is secure, which, unfortunately, is not valid. Recent cyberattacks show that the malware is prone to these types of SSL certificate, and is now hiding behind this sign, which was once a symbol of safety.

Many organizations from the beginning have relied upon firewalls and proxies to ensure the safety of web access.

But many organizations in the present time ignore the decryption and inspection SSL certificates, which has become very crucial. Point to be noted is that when the SSL decryption is enabled, the operations of these devices are down by a factor of five, which is why these enterprises refrain from conducting SSL inspection.

Since 2014, even Google started giving priority in rankings to HTTPS websites on its Search Engine Result Page, considering they are safer.

According to Kowsik Goswami, chief technology officer at Menlo Security, there are many reasons why many enterprises don’t turn SSL inspection. The main reason is privacy, as many organizations are concerned about their employees’ privacy when they investigate the links the employees have visited. The other reason is performance, as the operations turn down by a factor of 5 when SSL inspection is on.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

IT Security FAQ 8: SSL? Https:// – how do you connect it? What info should be encrypted? – 10 minute mail

Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communications security over a computer network. SSL makes the communication safe between two points, and ensures that ”no one” is sitting in-between, eavesdropping on the conversation. You’ll usually see if a site is encrypted if the url starts with https:// instead of http://.

Comment from our expert:
”An SSL encrypts communication on the web to make it harder for hackers to tap into a conversation. To be honest, all sites online should use SSL today. The only reason that all aren’t is because it is sometimes difficult to implement.”

”You can activate a SSL on your own website by talking your site host, or with your system admin, because it needs to be activated on the server. The organization Let’s Encrypt are now looking at revolutionizing the whole SSL field, making it easier to setup, configure and renew SSL certificates. They are also offering free SSL certificates for all,” says Johan Edholm at Disposable mail.

Visit Let’s Encrypt to learn more.

Want more IT security information? Don’t miss out on the other parts of our IT Sec FAQ series!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

How SSL affects SEO | Disposable mail Blog – 10 minute mail

Implementing an SSL certificate is a basic security measure that allows your website’s visitors to browse using a secure connection. Websites that use SSL get a boost in search rankings, but companies are often reluctant to make the switch. We talked to Staffan Ragnö, partner at SEO agency Firstly, about Google’s security initiatives and SSL’s impact on organic search rankings.

Staffan Ragnö | Firstly

Staffan Ragnö, Firstly

 Security as an investment

The role of web security is transforming and  security measures can impact your brand’s reputation in more ways than ever before. Staffan Ragnö from SEO agency Firstly explains: “As a content distributor, Google aims to offer the best content based on the user’s search terms, which is why it encourages webmasters to implement features like SSL and offer visitors a secure connection.”

To show companies that SSL is a good investment, some extra incentives were needed: “In 2014, Google announced that websites secured with SSL would get a bonus to perform better in organic search. Even though the offer only corresponded to a 1% value increase, it was enough to convince many to consider switching to SSL.”

SSL search rankings | Disposable mail

The advantages of a secure connection go beyond SEO visibility. Staffan adds: “Other initiatives are highlighting secure websites with a coloured icon in Google Chrome and in the search results list.”

Switching to SSL

Staffan says that SSL is becoming a frequent topic in client dialogues: “It’s becoming more common as the implementation scale and security awareness grow.” This does not come as a surprise – users read about security in the media and a seemingly small problem like an in-browser alert about a missing SSL certificate can have a negative impact on a brand.

SSL search rankings | Disposable mail

Those who wish to reap the benefits of Google’s ranking boost can get started by implementing an SSL certificate: “If the client is interested in increasing their long-term organic search visibility and revenue, we think they should consider SSL.“

However, the purpose of security is not just improved search visibility, Staffan emphasizes: ”What’s even more important is the responsibility that companies, organisations and authorities have to offer website visitors a secure experience that reflects the entire organisation. If you move to SSL for your customers and not just for SEO, it will benefit both in the long run.

The future will be security-oriented

Staffan explains that it is not clear what incentives Google will provide in the future in order to prioritise security. However, he points out that their stance on the matter is no secret as is evident in this Tweet by Parisa Tabriz, team lead for Google’s security technicians.

SSL rankings | Disposable mail

What’s next for security and search? Staffan says mobile security might be the next step: “What could be interesting is the recent shift to focusing on the mobile experience when ranking websites in organic search. Mobile security is still a relatively unexplored area that changes the demands on web administrators.”


Are you ready to take your site’s security to the next level? Sign up for a free Disposable mail trial to test your website for hundreds of vulnerabilities.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Newly added security tests, July 26, 2017: CVE-2017-9791 – 10 minute mail

To bring you the most up-to-date security service and help you stay on top of threats, we update Disposable mail on a regular basis. Here are some of the latest security tests added to the tool:

  • CVE-2017-9791 Apache Struts RCE
  • WordPress dsubscriber SQL Injection
  • WordPress wp-hide-security-enhancer LFI
  • SPF-10 module
  • SSL private key disclosure module

Happy scanning!
The Disposable mail Team

 

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.