When you use HTTPS, the addresses you visit are supposed to be encrypted, regardless of what network you’re connected to. A newly discovered vulnerability proves that’s not necessarily true.
If you’re connected to an insecure wireless network, especially one that isn’t vouched for, HTTPS alone won’t protect you, security researchers Itzik Kotler and Amit Klein said this week in a talk at the Black Hat security conference in Las Vegas. With the right configuration, a malicious network could discover every supposedly protected URL you visited.
“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” says the talk’s description.
The vulnerability potentially affects Windows, Linux, and Mac computers regardless of browser: IE, Safari, and Chrome. But don’t panic about this affecting you at home or at work. If you connect to a secure network, this doesn’t affect you. Instead, it’s something owners of supposedly free Wi-Fi networks could set up as part of a phishing operation.
It’s worth noting that the content of the sites you visit is not revealed by this vulnerability. But many sites put vital information, including usernames and even passwords, into URLs over HTTPS. It’s a bad security practice, but some developers assume that HTTPS protects information in such cases.
In other cases, even sharing the URLs you visit is too much information to give potential hackers.
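A PAC file is a JavaScript function, `FindProxyForURL(url, host)`, that is called with the URL of each request, which is why paths and query strings are exposed to whoever supplies it. The sketch below is an added example, not code from the researchers or from any browser: it shows one way a client could cut an HTTPS URL down to scheme, host and port before handing it to a PAC function. `sanitizeForPac`, `evaluatePac`, `samplePac` and the sample URL are hypothetical names and constructed values.

```javascript
// Added example: limit what a PAC function can observe about a request.
// sanitizeForPac and evaluatePac are hypothetical helpers, not a browser API.

function sanitizeForPac(rawUrl) {
  const u = new URL(rawUrl);
  // Embedded credentials and fragments are never needed to pick a proxy.
  u.username = "";
  u.password = "";
  u.hash = "";
  if (u.protocol === "https:" || u.protocol === "wss:") {
    // For encrypted schemes expose only scheme, host and port.
    u.pathname = "/";
    u.search = "";
  }
  return u.toString();
}

// Calls a PAC-style function with the sanitized URL and reports what it saw.
function evaluatePac(findProxyForURL, rawUrl) {
  const seen = sanitizeForPac(rawUrl);
  const host = new URL(seen).hostname;
  return { seen, decision: findProxyForURL(seen, host) };
}

// Constructed sample PAC logic: an ordinary host-based routing rule.
function samplePac(url, host) {
  return host.endsWith(".example.com")
    ? "PROXY proxy.example.com:8080"
    : "DIRECT";
}

// Constructed sample URL carrying the kind of data the article warns about.
const SAMPLE_URL =
  "https://login.example.com/reset?user=alice&token=abc123#step2";

const result = evaluatePac(samplePac, SAMPLE_URL);
console.log("PAC function saw:", result.seen);
console.log("Proxy decision:  ", result.decision);
```

Host-based proxy rules still work on the reduced URL, while the username and token in the query string never reach the PAC function.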
The only way to truly be safe from exploits like this is to not connect to networks you cannot vouch for. If you’re in a coffee shop, verify that it offers Wi-Fi, and the network’s name, before connecting.
And even if an unsecured network is vouched for, assume that your information still might not be secure, even if you’re using HTTPS. Check out our guide to browsing the web privately, then set up a VPN or Tor to browse anonymously even on public networks. Even then, avoiding untrusted networks is probably the best bet.
Exploits like this prove that public Wi-Fi networks aren’t without risk, so take the time to inform yourself. It’s worth it.