Heartbleed is a scary thing . by from the violent - sounding name , the exposure in OpenSSL security protocol spans the entire net andaffects most of the sites we hump , love , and useon a daily basis . Even outside of Heartbleed , not all security protocol are created equal . So how do you bed who to trust ?
Well , it ’s complicated . There are different versions of SSL and TSL , some of which are more secure than the others , and there are several steps in the encryption process that keeps sites secure , each of which scupper the user in different ways . That ’s why the protection house Qualsyscame up with the SSL Server Test .
The examination is loose . You just typecast in a domain address , and Qualsys perform a deep analysis on the site ’s SSL server before assign it a missive gradation that distinguish you how unassailable the site is . When asked exactly how they end up with a letter grade , Qualsys explained to Gizmodo that they visit server configuration in three categories : protocol support , key telephone exchange backup , and cipher keep .
In plain English , the test first check-out procedure to see which protocols the site use ( e.g. SSL 2.0 or 3.0 versus the newer , more safe TLS 1.0 , 1.2 , or 1.3 ) . The consequence of that test , a issue mark , is factor out into the total scotch . Then , the test checks the key exchange , the process through which one party verifies the indistinguishability of the other and generates key to be used during the entire session .
at last , the psychometric test checks the strength of the site ’s cypher , which is the encryption algorithm that create the certificate used as a key between your car and the site you ’re trying to get at . The full score combines all three checks to total up with a number out of 100 . Then , the alphabetic character grade is assign much in the same way they ’re assigned in shoal . Anything over 80 is an A. A B mark is 65 or large — and so on and so away .
Because it matters , we move ahead an expect up some of the most popular sites on the internet and made a few listing for easy mention . Most of the bighearted site on the internet are thankfully reasonably unattackable . But some are more inviolable than others . The test returns result for each of the main entrance for a website , but because the grudge varies slightly based on how you get to the site , we used only the scores number for the basal domain , unless there was a major discrepancy in scores . If the test return something other than a varsity letter grade , the message is noted in citation . To see the details of each test , click the letter grade .
Top 10 Sites (based on traffic)
google.com – A
youtube.com – A
facebook.com – A-
msn.com – “ Unable to connect to server ”
yahoo.com – A
twitter.com – A-
answers.com – “ Certificate not valid ”
amazon.com – Bel
microsoft.com – atomic number 5
yelp.com – B
Top 10 Money-Related Sites (based on traffic)
paypal.com – A-
wellsfargo.com – B
irs.gov – farad
chase.com – A-
bankofamerica.com – B
capitalone.com – A-/F
hrblock.com – A-
americanexpress.com – B
citibank.com – one C
fidelity.com – B / F
Top 10 Shopping Sites (based on traffic)
ebay.com – Bel
walmart.com – degree Fahrenheit
apple.com – A-/F
target.com – F
fandango.com – F
bestbuy.com – “ Certificate name mismatch ”
etsy.com – A-
sears.com – F
homedepot.com – F
Top 10 Social Media Sites (based on traffic)
tumblr.com * – A
pinterest.com – B
linkedin.com – B / F
reddit.com – degree Fahrenheit
flickr.com – A
instagram.com – A
myspace.com – A-
sulia.com – B
- Tumblr ’s dealings is include in Yahoo.com , so its membership might vary slightly .
CybersecurityInternetSecurity
Daily Newsletter
Get the best tech , scientific discipline , and acculturation news in your inbox daily .
News from the time to come , deliver to your nowadays .
You May Also Like
