SSL (Secure Sockets Layer) is a protocol that uses encryption to transmit data between servers and browsers securely. The electronic file that this protocol enables is called an SSL certificate, and by installing the SSL certificate on the server, secure communication using the SSL protocol is possible. Also, the company can be identified through the name of the company inside the certificate.
As of September 2020, SSL certificates can be issued for a maximum of one year. They are not automatically renewed, so website owners must reissue and install the certificate before the expiration date each year to ensure that secure communication can continue.
If you miss the renewal period and let it expire, the information you type in your browser could be exposed and potentially harmful. Among other things, it exposes weak security settings and poorly operated services, which can have a devastating effect on user trust and the image of the website and service provider.
For example, Spotify, the world’s largest music streaming site, recently received strong criticism from users for missing the renewal period of the certificate and not providing the service normally.
If you use the filter ssl_expired in Asset Search on Criminal IP (https://www.criminalip.io), you can check whether the SSL certificate on the internet page has expired or not.
[Criminal IP Search 101- How to Find Expired SSL Certificate Websites]
Search Keyword: “ssl_expired: true”

Using the ‘ssl_expired: true’ filter, more than 11 million web pages with expired SSL certificates were found

This screen shows that the SSL certificate of the website has expired, which undermines the credibility of the website.
Search Expired SSL Certificates Using Additional AS Name and HTML Filter
If you add a filter called ‘as_name’ to the Search results filter above, you can narrow down the web pages that have expired SSL certificates by a specific company.
Search Keyword: “as_name: Spotify ssl_expired: true”

Among the web browsers operated by Spotify, seven pages with expired SSL certificates are identified.
We have also examined web pages operated by IKEA, another well-known multinational company, that have expired SSL certificates, and among them, we have found sites that provide VPN services.
Search Keyword: “as_name: IKEA IT AB ssl_expired: true”

Website providing VPN service owned by IKEA found by searching for ‘as_name: Ikea IT AB ssl_expired: true’
Moreover, suppose a web browser that collects users’ information through a login function has an expired certificate. In that case, the user’s personal information could be leaked through a hacking attack. This can cause the worst damage to both service operating companies and users, so special attention is necessary from the web page operator.
You can also use the ‘html_meta_title’ filter to find login pages with expired SSL certificates.

Search for “html_meta_title: login, ssl_expired: true” to find a login page with expired SSL certificates, more than 200 cases are searched

Login page with an expired SSL certificate. It is marked “Not secure” at the address bar.
Source : Criminal IP (https://www.criminalip.io)
Leave a Reply