Understanding the prevalence of web traffic interception
A study published at NDSS 2017 found that between 4% and 10% of web's encrypted traffic (HTTPS) is intercepted, posing serious security risks as they weaken the encryption used to secure communications. Interception products often impersonate websites without users' knowledge by adding their own "root" certificate to the computer trust store. The study also revealed that while not always malicious, web traffic is primarily intercepted for two reasons: improving security and performing malicious activities. Furthermore, HTTPS implementations used for interception do not have the same automatic update mechanisms as browsers, making fixes less likely to be rolled out.
Company
Cloudflare
Date published
Sept. 12, 2017
Author(s)
Guest Author
Word count
1667
Language
English
Hacker News points
12