
SSL HTTPS


How secure is HTTPS today? How often is it attacked? This is part 1 of a series on the security of HTTPS and TLS/SSL. HTTPS is a lot more secure than HTTP!

How secure is HTTPS today? How often is it attacked?

If a site uses accounts, or publishes material that people might prefer to read in private, the site should be protected with HTTPS. Unfortunately, it is still feasible for some attackers to break HTTPS. Leaving aside cryptographic protocol vulnerabilities, there are structural ways for its authentication mechanism to be fooled for any domain, including mail.google.com, www.citibank.com, www.eff.org, addons.mozilla.org, or any other incredibly sensitive service: Break into any Certificate Authority (or compromise the web applications that feed into it).

The EFF SSL Observatory. The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web.

The EFF SSL Observatory

We have downloaded datasets of all of the publicly-visible SSL certificates on the IPv4 Internet, in order to search for vulnerabilities, document the practices of Certificate Authorities, and aid researchers interested in the web's encryption infrastructure. For the public, the slide decks from our DEFCON 18 and 27C3 talks are available, and you can also peruse our second map of the 650-odd organizations that function as Certificate Authorities trusted (directly or indirectly) by Mozilla or Microsoft.

Map Key (shapes): Hexagon: root CA trusted by Microsoft only; Diamond: root CA trusted by Mozilla only; Box: root CA trusted by both; Ellipse: subordinate CA.

Map Key (colors): Black: signed 0 leaves; Violet: signed 1-10 leaves; Blue: signed 11-100 leaves; Green: signed 101-1000 leaves; Yellow: signed 1001-10000 leaves; Orange: signed 10001-100000 leaves; Red: signed 100001-1000000 leaves.