Test your machine for Superfish style SSL interceptions

[+Warwagon MVC]

A while ago GRC (Steve Gibson) created a page which lets you type in a web address and compare the SHA1 Fingerprint you get via the Official SHA1 Fingerprint he lists on his page, to that which your browser provides. If your browsers SHA1 hash and his don't match, then there is an interception going on. Either your AV is system scanning SSL connections, an employer is monitoring your activity or something of like likes of Superfish is up to no good.

 

This is just a good way to check to make sure nothing on your machine is intercepting your SSL connections.

 

*Disclaimer* Just because your certificates pass the test, still doesn't mean you aren't being targeted by the NSA! *Disclaimer*

 

 

https://www.grc.com/fingerprints.htm'

 

 

Firefox

 

Step 1

 

 

 

 

Step 2

 

 

Step 3

Easiest way to compare, is to highlight the SHA1 hash and copy it.

Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted
 

 

 

Chrome

 

Step 1

 

 

Step 2

 

Easiest way to compare, is to highlight the SHA1 hash and copy it.

Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted

 

 

 

Internet Explorer

 

Step 1

 

 

Step 2

 

Easiest way to compare, is to highlight the SHA1 hash and copy it.

Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted

 

[zhangm Supervisor]

Thread moved from Introduce Yourself to Internet, Network & Security.

[+Warwagon MVC]

Is anyone finding any interceptions?

[+theblazingangel MVC]

  On 28/02/2015 at 04:13, warwagon said:

A while ago GRC (Steve Gibson) created a page which lets you type in a web address and compare the SHA1 Fingerprint you get via the Official SHA1 Fingerprint he lists on his page, to that which your browser provides. If your browsers SHA1 hash and his don't match, then there is an interception going on. Either your AV is system scanning SSL connections, an employer is monitoring your activity or something of like likes of Superfish is up to no good.

 

This is just a good way to check to make sure nothing on your machine is intercepting your SSL connections.

 

While this may be somewhat useful to confirm whether or not you have something like superfish installed, i.e. something which is doing a MITM/interception of https connections, but which hasn't been built/deployed to maliciously and covertly intercept your communications taking care to avoid detection; it is not going to necessarily help you detect interception by an authority who is trying to intercept your communications covertly, which as well as intercepting your https connection to grc.com could also easily replace the fingerprints listed on the copy of that page you are seeing with the fake ones, or could be directly intercepting grc.com retrieving it's view of those fingerprints.

 

In the latter case you could compare results across multiple different internet connections, but that won't help against mass interception by a powerful authority. The only way to be certain that you're getting the right certificate is to go (in person) directly to the right person at that company, and do a fingerprint check with them (or rely on a WOT model where one or more individuals in that trust chain have done so). Even then though there is the possibility that an authority could have demanded a copy of that company's private key, and so could be listening in actually using the genuine certificate.

 

That grc.com page and this post could potentially give a misleading sense of security.

[+Warwagon MVC]

  On 28/02/2015 at 23:23, theblazingangel said:

That grc.com page and this post could potentially give a misleading sense of security.

 

All I really wanted people to test for is Superfish style interceptions.

[+theblazingangel MVC]

  On 28/02/2015 at 23:28, warwagon said:

All I really wanted people to test for is Superfish style interceptions.

 

I know, just best to be clear about the limitations.

[+Warwagon MVC]

  On 28/02/2015 at 23:31, theblazingangel said:

I know, just best to be clear about the limitations.

 

Correct. Thanks! I added a disclaimer to the first post!

[xendrome]

<<Moved to General so more people see it>>

[Krome]

No interception here

[+Raze Subscriber²]

None here.

[123456789A]

I tried https://www.nsa.gov

 

It was ok, but I think the NSA was intercepting it anyway.

[cork1958]

Dude,

You must be the most paranoid person on the planet!!  

 

At least on the internet anyway.

 

I was on one of the affected Lenovo models earlier today. Everything was good, as expected!

[+Warwagon MVC]

  On 01/03/2015 at 04:03, cork1958 said:

Dude,

You must be the most paranoid person on the planet!!  

 

At least on the internet anyway.

 

I was on one of the affected Lenovo models earlier today. Everything was good, as expected!

 

Except had the word not got out about superfish, Everything wouldn't be good, as expected 

[+Raze Subscriber²]

  On 01/03/2015 at 00:46, Enron said:

I tried https://www.nsa.gov

 

It was ok, but I think the NSA was intercepting it anyway.

 

Edward says you work there..........  

[T3X4S]

Pfft - who is this Steve Gibson character... like he knows anything 

[+John Teacake MVC]

None Here. 

[Steven P. Administrators]

added https://www.neowin.net/news/from-the-forums-test-your-machine-for-superfish-style-ssl-interceptions