HTTPS Bypassed On Windows, Mac, And Linux

Httpsgeralt / Pixabay

HTTPS Bypassed On Windows, Mac, And Linux by Ali Raza

HTTPS was considered immune to hackers looking to track the websites visited by a user. A new hack breaks this HTTPS protection in Windows, Linux, and Mac systems. The hack can be carried by Wi-Fi hotspot operators, Ars Technica reports.

HTTPS encryption assured users that the addresses of the websites they visit could not be monitored or viewed by data snoopers and other such malicious users. However, a new hack has broken this encryption. This hack can be carried out on any network, most notably in Wi-Fi hotspots, where this encryption is most required.

This hack is possible by illicit usage of a feature called WPAD, which is short for Web Proxy Autodiscovery. Doing so will expose some browser requests to the code controlled by the attacker. The attacker can then view all the websites user visits. It is said that this exploit works in all browsers on every operating system. This HTTPS hack is scheduled to be unveiled in a Black Hast security conference in Las Vegas next week.

The enormity of this attack is still discussed. Although this attack only makes the full URL of visited websites available to the hacker, the consequences of that are too grave. This is because many websites and web services use URL to authenticate a user. For example, Google’s Dropbox uses a security token in the URL. Even some password-reset mechanisms use this token security technique. So despite the attacker gaining access only to the full URL, he or she can misuse that to great effect.

Itzik Kotler, co-founder of SafeBreach, is one of the scheduled speakers at the conference in Las Vegas next week and addressed this issue in an email. He said that this hack is of great concern, for people all over the world rely on HTTPS encryption in places where their LAN/Wi-Fi cannot be trusted. According to him, people using non-trusted networks are under threat when WPAD is enabled.

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)

About the Author

Sheeraz Raza
Sheeraz is our COO (Chief - Operations), his primary duty is curating and editing of ValueWalk. He is main reason behind the rapid growth of the business. Sheeraz previously ran a taxation firm. He is an expert in technology, he has over 5.5 years of design, development and roll-out experience for SEO and SEM. - Email: sraza(at)

1 Comment on "HTTPS Bypassed On Windows, Mac, And Linux"

  1. I’m trying to understand how the risk of what will be shown is that different than something like using SSLstrip or other tools on someone else’s network. Also, would this actually work if the site being used requires hsts?

    “According to him, people using non-trusted networks are under threat when WPAD is enabled”

    Everyone is at risk to lots of stuff when using any unstrusted network regardless of whether or not WPAD is being used.

Leave a comment

Your email address will not be published.