soilentgreen

Can hackers exploit not secured connections?

What is the difference between HTTPS and HTTP to hackers that want to put malicious software in a not secure website, instead of the real one? Can they do it?

For example: 7zip is open source software without signature verification and the website is not secured. So if hackers decide to do it, how can we know if we downloaded the real file? The BB will alert anyway because the file is without signature verification.

Is this not something hackers can exploit? I mean it's open source without signature verification, and everyone downloads it from the unsecured website.

Thank you.

 

8 hours ago, soilentgreen said:

What is the difference between HTTPS and HTTP to hackers that want to put malicious software in a not secure website, instead of the real one? Can they do it?

For example: 7zip is open source software without signature verification and the website is not secured. So if hackers decide to do it, how can we know if we downloaded the real file? The BB will alert anyway because the file is without signature verification.

Is this not something hackers can exploit? I mean it's open source without signature verification, and everyone downloads it from the unsecured website.

Thank you.

 

HTTP = HyperText Transfer Protocol

HTTPS = HyperText Transfer Protocol Secure

The word Secure means a type of encryption to protect the data transfer between you and the server or website you are using. This secured connection keeps your information safe from hackers.

Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them.

Look at this post I found for you. I'll read it myself.

https://www.theproblemsite.com/ask/2016/02/http-vs-https-difference

I'll give some more information on this after I return home in a few hours. I will study this myself.

 

  • Upvote 1

10 hours ago, soilentgreen said:

For example: 7zip is open source software without signature verification and the website is not secured. So if hackers decide to do it, how can we know if we downloaded the real file? The BB will alert anyway because the file is without signature verification.

Is this not something hackers can exploit?

The secure connection (HTTPS vs HTTP) has nothing to do with whether or not the website is secure. It has to do with whether or not your connection to the website is secure, which is intended to prevent snooping on communication between you and the server more than it is anything else. Man-in-the-middle attacks can still expose the contents of secure connections, but if a website is configured correctly then it is extremely difficult to do that.

A hacker can compromise a website and replace legitimate downloads with infected copies, and this has happened before (ClassicShell and AmmyAdmin are a couple of examples). With popular software (7-Zip for instance) there shouldn't be a BB alert, since it would be trusted by our Anti-Malware Network. With less popular software, it does become more problematic, however a user can search for the SHA-1 hash provided in the alert and try to find information about the file in question.

  • Upvote 2
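
One way to act on the question "how can we know if we downloaded the real file?", as an added example that is not part of the original posts: compare the file's hash with a value obtained from a source other than the page that served the download. The function names and the sample bytes are constructed for illustration, and the check assumes the expected digest really does come from an independent, trusted channel.

```python
import hashlib
import hmac
import os
import tempfile

# Hex length -> algorithm. SHA-1 is what the alert in this thread shows;
# prefer SHA-256 whenever the publisher provides it.
ALGO_BY_HEX_LENGTH = {40: "sha1", 64: "sha256"}

def file_digest(path, algorithm, chunk_size=1 << 16):
    """Hash the file in chunks so large installers do not fill memory."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()

def verify_download(path, expected_hex):
    """Return True only if the file matches the published digest.

    A digest copied from the same unencrypted page as the download proves
    nothing: whoever can swap the file can swap the digest too.
    """
    expected = expected_hex.strip().lower()
    algorithm = ALGO_BY_HEX_LENGTH.get(len(expected))
    if algorithm is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected value is not a SHA-1 or SHA-256 hex digest")
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Constructed sample: a genuine file and a copy altered on the way."""
    genuine = b"MZ" + b"constructed sample installer bytes" * 1000
    tampered = genuine.replace(b"sample", b"SAMPLE", 1)
    # Upper case, as a vendor page might print it.
    published = hashlib.sha256(genuine).hexdigest().upper()
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("genuine.exe", genuine), ("tampered.exe", tampered)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(verify_download(path, published))
    return results

if __name__ == "__main__":
    print(demo())
```
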

On 3/8/2017 at 11:37 AM, David F. M. said:

HTTP = HyperText Transfer Protocol

HTTPS = HyperText Transfer Protocol Secure

The word Secure means a type of encryption to protect the data transfer between you and the server or website you are using. This secured connection keeps your information safe from hackers.

Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them.

Look at this post I found for you. I'll read it myself.

https://www.theproblemsite.com/ask/2016/02/http-vs-https-difference

I'll give some more information on this after I return home in a few hours. I will study this myself.

 

Thank you for the information.

On 3/8/2017 at 1:42 PM, GT500 said:

The secure connection (HTTPS vs HTTP) has nothing to do with whether or not the website is secure. It has to do with whether or not your connection to the website is secure, which is intended to prevent snooping on communication between you and the server more than it is anything else. Man-in-the-middle attacks can still expose the contents of secure connections, but if a website is configured correctly then it is extremely difficult to do that.

A hacker can compromise a website and replace legitimate downloads with infected copies, and this has happened before (ClassicShell and AmmyAdmin are a couple of examples). With popular software (7-Zip for instance) there shouldn't be a BB alert, since it would be trusted by our Anti-Malware Network. With less popular software, it does become more problematic, however a user can search for the SHA-1 hash provided in the alert and try to find information about the file in question.

Thank you for your explanation, Arthur; it was something I wanted to understand a long time ago.

On 08/03/2017 at 1:42 PM, GT500 said:

The secure connection (HTTPS vs HTTP) has nothing to do with whether or not the website is secure. It has to do with whether or not your connection to the website is secure, which is intended to prevent snooping on communication between you and the server more than it is anything else. Man-in-the-middle attacks can still expose the contents of secure connections, but if a website is configured correctly then it is extremely difficult to do that.

A hacker can compromise a website and replace legitimate downloads with infected copies, and this has happened before (ClassicShell and AmmyAdmin are a couple of examples). With popular software (7-Zip for instance) there shouldn't be a BB alert, since it would be trusted by our Anti-Malware Network. With less popular software, it does become more problematic, however a user can search for the SHA-1 hash provided in the alert and try to find information about the file in question.

Thank you for your excellent explanation. It is a type of securing the transmission of data between the user and the website.

You also troubled me!! So if a malware source website is in HTTPS, the infection from the website into the soon-to-be-compromised system will be securely transmitted !!!!!! WOW!!!

Also, if it is a secure website, the login & use experience will be safe. That's the cool part. Here I have a question:

If the website and the HTTPS connection are both secure, can a hacker hack the web browser during the user's session if other open tabs are not used while using another secure one? I mean just opening the page without activity on it such as posting, browsing, downloading, etc.

Quote

(ClassicShell and AmmyAdmin are a couple of examples)

I have never seen these words before and do not know what they are.

 

I have another question Arthur:

So we can know if our connection to a website is secure (HTTP or HTTPS), but is there any indication to know whether a website itself is secure and the level of security?

On 3/11/2017 at 6:09 PM, David F. M. said:

You also troubled me!! So if a malware source website is in HTTPS, the infection from the website into the soon-to-be-compromised system will be securely transmitted !!!!!! WOW!!!

It doesn't matter if it is securely transmitted or not. Your browser decrypts the HTTPS traffic when it is received, so the file would be saved in its original form, and our protection would catch it either way. HTTPS (secure connections) are only intended to keep information being exchanged over the Internet private. For instance, if you do a search on your favorite search engine, and the connection to their website uses HTTPS (and thus is secure), then when the NSA records the data that is sent from your computer to the search engine to tell it what you want to search for, that data is encrypted, and thus the NSA can't actually tell what you searched for if they were to review the data they had collected (obviously they may have other ways of finding out, but at least they can't get it from the HTTPS traffic).

Of course, I'm using the NSA as an example due to the various leaks revealing that they record everything that is transmitted across the Internet. The original purpose of HTTPS was to secure online purchases and other information you submit to websites from criminals snooping on data sent across the Internet.

If malware is downloaded over a secure connection, then all it really does is keep anyone snooping on your Internet traffic (or government agencies recording everything you do online) from seeing what you downloaded.

 

On 3/11/2017 at 6:09 PM, David F. M. said:

If the website and the HTTPS connection are both secure, can a hacker hack the web browser during the user's session if other open tabs are not used while using another secure one? I mean just opening the page without activity on it such as posting, browsing, downloading, etc.

That sort of thing would generally be done either with malicious extensions, or some sort of malicious program on your computer. If there is something malicious on your computer, then everything is compromised, and not just a single tab.

Note that most modern browsers (except maybe Firefox) have a sandbox for each tab in the browser, which should isolate the tabs from each other.

 

On 3/11/2017 at 6:09 PM, David F. M. said:
Quote

(ClassicShell and AmmyAdmin are a couple of examples)

I have never seen these words before and do not know what they are.

ClassicShell is a program for Windows 8, Windows 8.1, and Windows 10 that adds the classic Windows 7 Start Menu to these newer versions of Windows. AmmyAdmin is a remote access software similar to TeamViewer.

 

On 3/11/2017 at 11:08 PM, soilentgreen said:

So we can know if our connection to a website is secure (HTTP or HTTPS), but is there any indication to know whether a website itself is secure and the level of security?

There are testing organizations/companies that will test websites for security problems periodically, and some website owners will sign up for those services to ensure their websites are secure. With paid services the website owners are usually allowed to put some sort of graphic on their website that links back to the latest test results to allow visitors to verify whether or not the website is secure. If you see one of those graphics on a page, and can click on it to verify that it is valid, then the website is more than likely secure.

If there is no such graphic on a website, then there will be no publicly available way to verify the website is secure, however this does not mean the website is unsafe. As an example, GT500.org doesn't have a graphic/button/etc. that you can click on to see if the website has been tested, however it is tested weekly for security vulnerabilities by Beyond Security and is almost always given the highest possible score (when it isn't, any security issues are dealt with quickly).

  • Upvote 2
