Skip to main content
  1. Home
  2. Computing
  3. News

Newly discovered HTTPS flaw can expose supposedly secure URLs to wireless evesdropping

Justin Pot
By

https vulnerability public wifi leak urls internet coffee shop
Image used with permission by copyright holder
When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.

If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.

Recommended Videos

“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.

Related

The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home, or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.

It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.

In other cases, even sharing the URLs you visit is too much information to give potential hackers.

The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.

And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.

Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.

Editors' Recommendations

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Quest Pro 2: What we know about Meta’s next premium VR headset
From a side view, you can see how glasses can be worn along with a Quest Pro.

While Meta’s Quest Pro is one of the best VR headsets available, it never reached its full potential as a laptop replacement for spatial computing. Meta hasn’t given up on making a work-centric solution, and rumors suggest a Meta Quest Pro 2 is still in development. Here’s what we know so far about Meta's answer to Apple's Vision Pro.
Meta Quest Pro 2 release date speculation
It’s difficult to make a solid prediction on when Meta will launch the Quest Pro 2. Meta CTO Andrew “Boz” Bosworth made it clear in an Instagram AMA that Meta is continually prototyping new VR headsets to find out what’s possible with current technology. That gives Meta more flexibility than manufacturers that research for years before doing hardware testing.

If Meta is satisfied with the performance of the Snapdragon XR2+ Gen 2 and LG can deliver enough micro-OLED displays, the Quest Pro 2 could arrive as early as this October at Meta Connect 2024.

Read more
Does RAM speed matter for PC performance?
Installing RAM sticks in a motherboard.

RAM is one of the primary components in a PC, and it's important that you have at least a certain amount of RAM depending on what you want to do with your PC. However, there are more things to RAM than just capacity: Frequency and latency are important considerations, too.

The question of whether RAM speed matters is especially important now that we have two generations of RAM available, both DDR4 and DDR5 -- and they have vastly different speeds. The official maximum clock speed for DDR4 was 3200MHz, while DDR5 starts at 4800MHz, an increase of 50%; however, you'll easily find RAM kits reaching above 7000MHz. Although latency significantly went up, from CL14 on most 3200MHz DDR4 kits to CL40 on most 4800MHz DDR5 kits, DDR5 is still found to be faster.

Read more
The 6 best 2-in-1 laptops for drawing in 2024
Portal RTX running on the Surface Laptop Studio 2.

Whether you're a seasoned professional or enjoy drawing as a hobby, investing in a 2-in-1 laptop is a great idea for all sorts of artists. Drawing on a laptop makes it easy to quickly share your creation with others, which is especially useful if you're doing it as a professional–negating the need to upload your pen-and-paper sketch to the computer before sending it to a client. Moreover, working on a laptop lets you undo mistakes, zoom in to better handle small details, and quickly change utensils.

There are a lot of perks to drawing on a 2-in-1 laptop, but not all of them are great for creators. Some have unresponsive displays that can't register all your movements, while others might have a lackluster resolution or color spectrum that turns most images into a muddled mess. Because of that, it can be hard figuring out which laptop is best for your needs. And if you'll be spending a good chunk of change on the laptop, you'll want to make sure you get it right.

Read more