Newly discovered HTTPS flaw can expose supposedly secure URLs to wireless evesdropping

https vulnerability public wifi leak urls internet coffee shop
When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.

If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.

“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.

The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home, or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.

It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.

In other cases, even sharing the URLs you visit is too much information to give potential hackers.

The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.

And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.

Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.

Computing

Leaked benchmarks suggest rumored AMD GPU could be king of midrange graphics

AMD's next GPU may not be Navi-based after all. Rumors continue to build about an RX 590 which has now shown up on 3DMark's benchmark database, delivering results that easily outstrip stock clocked GTX 1060s.
Computing

Is the Pixelbook 2 still happening? Here's everything we know so far

What will the Pixelbook 2 be like? Has the Pixel Slate taken its place? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Home Theater

Dish Network or DirecTV: Which is the better choice for you?

So, you’ve chosen to go with a satellite television provider. Check out our quick rundown of what both Dish Network and DirecTV offer in terms of content, hardware, and pricing, and why you might choose them over streaming services.
Emerging Tech

Here’s all the best gear and gadgetry you can snag for $100 or less

A $100 bill can get you further than you might think -- so long as you know where to look. Check out our picks for the best tech under $100, whether you're in the market for headphones or a virtual-reality headset.
Home Theater

What is MHL, exactly, and how does it work with your TV?

There are more ways to mirror your smartphone or tablet to your TV than you might think. Check out our rundown of MHL for everything you need to know about the wired protocol and its myriad uses.
Emerging Tech

Curious how A.I. 'brains' work? Here's a super-simple breakdown of deep learning

What is deep learning? A branch of machine learning, this field deals with the creation of neural networks that are modeled after the brain and adept at dealing with large amounts of human-oriented data, like writing and voice commands.
Computing

Qualcomm’s ‘Snapdragon 1000’ could bring octa-cores to Windows laptops

The rumored Qualcomm Snapdragon 1000 CPU may bring the octa-core design of mobiles and tablets to Windows laptops, offering four powerful cores for high performance, and four low-power cores for efficiency.
Computing

Is the new Surface Pro 6 worth the extra money or is the Surface Go good enough?

Each of Microsoft’s Surface devices are great, but with the recent addition of the Surface Pro 6, you might be wondering how it stacks up against the Surface Go. In this comparison piece, we’ve put the two devices up against each other…
Computing

Is the Surface Pro 6 a sidestep, or does it blow away its predecessor?

How good is the new Surface Pro, and is it worth an upgrade? The best way to find out is to pit the Surface Pro 6 vs. Surface Pro 5 in a head to head that tests them both on performance, design, and portability.
Computing

These gloves will make virtual reality feel even more immersive

Scientists from EPFL and ETH Zurich have come up with a thin and light VR glove which makes it so that a touch of an object in the virtual world equates to the physical touch you would expect in real life.
Gaming

Apple Mac users should take a bite out of these awesome games

Contrary to popular belief, there exists a bevy of popular A-list games compatible for Mac computers. Take a look at our picks for the best Mac games available for Apple fans.
Emerging Tech

MIT is building a new $1 billion college dedicated to all things A.I.

Massachusetts Institute of Technology (MIT) has announced a new $1 billion college of computing designed to offer the best possible education to future machine learning A.I. experts.
Photography

Remove photo bombs, other unwanted objects with Photoshop’s new Content-Aware Fill

Photoshop's newest A.I-powered tool helps remove objects or fill in gaps for a distraction-free photo in the new Adobe Photoshop CC 2019. Here's how to remove an object in Photoshop using the new Content-Aware Fill.
Web

Feed your fandom: These are the best YouTube channels for sports lovers

If you're a cable cutter who still wants to enjoy quality sports highlights and analysis, YouTube is the place to go. There are plenty of great sports-centric channels on YouTube, each of which provides great highlights and top-shelf…