Test your machine for Superfish style SSL interceptions



A while ago GRC (Steve Gibson) created a page which lets you type in a web address and compare the SHA1 Fingerprint you get via the Official SHA1 Fingerprint he lists on his page, to that which your browser provides. If your browser's SHA1 hash and his don't match, then there is an interception going on. Either your AV is system scanning SSL connections, an employer is monitoring your activity or something of the likes of Superfish is up to no good.

 

This is just a good way to check to make sure nothing on your machine is intercepting your SSL connections.

 

*Disclaimer* Just because your certificates pass the test, still doesn't mean you aren't being targeted by the NSA! *Disclaimer* :)

 


 

https://www.grc.com/fingerprints.htm

 

 

Firefox

 

Step 1

 

[Image]

 

 

 

Step 2

 

[Image]

 

Step 3

Easiest way to compare is to highlight the SHA1 hash and copy it.

Then go to GRC's page where he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.
 

 


 

Chrome

 

Step 1

 

[Image]

 

Step 2

 

Easiest way to compare is to highlight the SHA1 hash and copy it.

Then go to GRC's page where he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.

 

 


 

Internet Explorer

 

Step 1

 

[Image]

 

Step 2

 

Easiest way to compare is to highlight the SHA1 hash and copy it.

Then go to GRC's page where he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.

 

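The comparison described in the first post can also be scripted. This is an added example, not part of the original thread or GRC's page: it computes the SHA-1 fingerprint of the certificate actually presented to the local machine and compares it with a reference value you supply. All function names are this example's own.

```python
import hashlib
import socket
import ssl
import sys


def normalize(fp: str) -> str:
    """Reduce a fingerprint to bare lowercase hex so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hex_only = "".join(c for c in fp if c not in ": -\t").lower()
    if len(hex_only) != 40 or any(c not in "0123456789abcdef" for c in hex_only):
        raise ValueError(f"not a SHA-1 fingerprint: {fp!r}")
    return hex_only


def sha1_fingerprint(der: bytes) -> str:
    """SHA-1 over the DER-encoded certificate, as colon-separated uppercase pairs."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the certificate the server (or an interceptor) actually presents.

    Validation is switched off on purpose: the goal is to record what arrives,
    including a certificate minted by a local proxy, not to trust the connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def matches(observed: str, reference: str) -> bool:
    """True when both fingerprints denote the same 20-byte SHA-1 value."""
    return normalize(observed) == normalize(reference)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_fp.py <host> <reference-sha1-fingerprint>")
    host, reference = sys.argv[1], sys.argv[2]
    seen = sha1_fingerprint(fetch_leaf_der(host))
    print(f"{host}: {seen}")
    print("MATCH" if matches(seen, reference) else "MISMATCH: connection may be intercepted")
```

Take the reference fingerprint from a different machine or network than the one being tested. The script's connection may be routed differently from the browser's, so a match here does not replace the browser check.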

> A while ago GRC (Steve Gibson) created a page which lets you type in a web address and compare the SHA1 Fingerprint you get via the Official SHA1 Fingerprint he lists on his page, to that which your browser provides. If your browser's SHA1 hash and his don't match, then there is an interception going on. Either your AV is system scanning SSL connections, an employer is monitoring your activity or something of the likes of Superfish is up to no good.
>
> This is just a good way to check to make sure nothing on your machine is intercepting your SSL connections.

 

While this may be somewhat useful to confirm whether or not you have something like Superfish installed, i.e. something which is doing a MITM/interception of https connections, but which hasn't been built/deployed to maliciously and covertly intercept your communications taking care to avoid detection; it is not going to necessarily help you detect interception by an authority who is trying to intercept your communications covertly, which as well as intercepting your https connection to grc.com could also easily replace the fingerprints listed on the copy of that page you are seeing with the fake ones, or could be directly intercepting grc.com retrieving its view of those fingerprints.

 

In the latter case you could compare results across multiple different internet connections, but that won't help against mass interception by a powerful authority. The only way to be certain that you're getting the right certificate is to go (in person) directly to the right person at that company, and do a fingerprint check with them (or rely on a WOT model where one or more individuals in that trust chain have done so). Even then though there is the possibility that an authority could have demanded a copy of that company's private key, and so could be listening in actually using the genuine certificate.

 

That grc.com page and this post could potentially give a misleading sense of security.


> That grc.com page and this post could potentially give a misleading sense of security.

 

All I really wanted people to test for is Superfish style interceptions.


I know, just best to be clear about the limitations.

 

Correct. Thanks! I added a disclaimer to the first post!


Dude,

You must be the most paranoid person on the planet!!   :s

 

At least on the internet anyway.

 

I was on one of the affected Lenovo models earlier today. Everything was good, as expected! ;)


> Dude,
>
> You must be the most paranoid person on the planet!!   :s
>
> At least on the internet anyway.
>
> I was on one of the affected Lenovo models earlier today. Everything was good, as expected! ;)

 

Except had the word not got out about superfish, Everything wouldn't be good, as expected  :)
