Showing source for: https://www.grc.com/fingerprints.htm
Duration: 0.954632s
Server: GRC/IIS Hybrid Application Webserver

<!DOCTYPE html>
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>
   GRC&nbsp;|&nbsp;SSL TLS HTTPS Web Server Certificate Fingerprints&nbsp;&nbsp;
        </title>
        <!-- ChangeDetection.com detection="off" -->
        <meta content="Steve Gibson, GIBSON RESEARCH CORPORATION" name="author">
        <meta content="server https ssl tls certificate fingerprints, steve gibson" name="keywords">
        <meta content="GRC's HTTPS Web Server Certificate Fingerprint Service" name="description">
        <meta content="" name="sitemenu">
        <style type="text/css">
            .chart tr {
                color               : #00a;
                text-align          : right;
                font-family         : "Courier New", Courier, monospace;
            }
            .chart td {
                border-bottom       : 1px #666 solid;
                border-right        : 1px #666 solid;
                padding             : 4px 10px;
            }
            .tightchart td {
                padding             : 2px 10px;
            }
            .dark {
                background          : #e8e8e8;
            }
            .light {
                background          : #fcfcfc;
            }
            .top {
                text-align          : center;
                border-top          : 1px #666 solid;
                color               : grey;
            }
            .topleft {
                text-align          : center;
                color               : grey;
            }
            .left {
                border-left         : 1px #666 solid;
                color               : black;
            }
            .ledge {
                border-left         : 1px #666 solid;
            }
            .label {
                font-size           : 12pt;
                font-family         : Arial, Helvetica, sans-serif;
                text-align          : center;
            }
            .cert {
                font-size           : smaller;
                color               : #666;
            }
        </style>
        <meta content="default-src 'none'; form-action 'self'; img-src 'self' https://www.grctech.com https://x.steve; style-src 'self' 'unsafe-inline' https://*.grc.com https://x.steve; upgrade-insecure-requests 'self' https://*.grc.com" http-equiv="Content-Security-Policy">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <meta content="text/css" http-equiv="Content-Style-Type">
        <meta content='(pics-1.1 "http://www.rsac.org/ratingsv01.html" l gen true comment "RSACi North America Server" by "offices_@_grc.com" for "https://www.grc.com" on "1998.03.30T21:20-0800" r (n 0 s 0 v 0 l 0))' http-equiv="pics-label">
        <meta content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "https://www.grc.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "https://www.grc.com" r (n 0 s 0 v 0 l 0))' http-equiv="pics-label">
        <link href="https://www.grc.com/_zjvpugn0pc0ji_/favicon.ico" rel="icon" type="image/x-icon">
        <link href="https://www.grc.com/_zjvpugn0pc0ji_/favicon.ico" rel="shortcut icon" type="image/x-icon">
        <link href="https://www.grc.com/labels.rdf" rel="meta" title="ICRA labels" type="application/rdf+xml">
        <link href="/_zjvpugn0pc0ji_/grc.css" media="all" rel="stylesheet" type="text/css">
        <link href="/_zjvpugn0pc0ji_/mainmenu.css" media="all" rel="stylesheet" type="text/css">
        <link href="https://www.grctech.com/_zjvpugn0pc0ji_/thirdparty.css" media="all" rel="stylesheet" type="text/css">
    </head>
    <body alink="#FF0000" link="#CC0000" vlink="#006666">
        <a name="top">
        </a>
        <!-- ########################## GRC Masthead Menu ########################## -->
        <div class="menuminwidth0">
            <div class="menuminwidth1">
                <div class="menuminwidth2">
                    <div id="masthead">
                        <a href="/default.htm">
                            <img alt="Gibson Research Corporation" height="24" id="mastheadlogo" src="/mh-logo.gif" title="" width="286">
                        </a>
                        <img alt="" height="13" id="focus" src="/mh-focus.gif" title="What we're about" width="121">
                        <a href="/news.htm">
                            <img alt="blog icon" height="22" id="blogicon" src="/image/menublogicon.png" title="To our news and announcements page" width="22">
                        </a>
                        <a href="/news.htm">
                            <img alt="Twitter Icon" height="22" id="twittericon" src="/image/menutwittericon.png" title="To our news and announcements page" width="22">
                        </a>
                        <a href="/news.htm">
                            <img alt="RSS Icon" height="22" id="rssicon" src="/image/menurssicon.png" title="To our news and announcements page" width="22">
                        </a>
                    </div>
                    <div class="menu">
                        <ul>
                            <li>
                                <a href="/default.htm">
                                    <img alt="[Home]" height="18" src="/mb-home.gif" title="" width="76">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul class="leftbutton">
                                    <li>
                                        <a href="/purchasing.htm">
           &nbsp;Purchasing
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sales.htm">
                                            &nbsp;Sales Support
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/support.htm">
                                            &nbsp;Technical Support
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/default.htm#bottom">
                                            &nbsp;Contact Us
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/news.htm">
                                            &nbsp;Blogs, Twitter &amp; RSS
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/privacy.htm">
                                            &nbsp;Privacy Policy
                                        </a>
                                    </li>
                                    <!--			<li><a href="/siteoptions.htm">&nbsp;Site Options</a></li>			-->
                                    <li>
                                        <a href="/stevegibson.htm">
           &nbsp;Steve's Projects Page
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/resume.htm">
                                            &nbsp;Steve's Old Resume
                                        </a>
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                        <ul>
                            <li>
                                <a href="/sr/spinrite.htm">
                                    <img alt="[Products]" height="18" src="/mb-products.gif" title="" width="96">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul>
                                    <li>
                                        <a href="/sr/spinrite.htm">
           &nbsp;General information
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/whatitdoes.htm">
                                            &nbsp;What SpinRite Does
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/testimonials.htm">
                                            &nbsp;User testimonials
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/smart.htm">
                                            &nbsp;S.M.A.R.T. Monitor
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/cs/prepurch.htm">
                                            &nbsp;Purchase SpinRite
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/faq.htm">
                                            &nbsp;FAQ
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/themovie.htm">
                                            &nbsp;Demo Videos
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/kb/b04e.htm">
                                            &nbsp;Knowledgebase: B04E
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/kb/sata.htm">
                                            &nbsp;Knowledgebase: SATA
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sr/kb/badbios.htm">
                                            &nbsp;Knowledgebase: BIOS
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/sroverview.htm">
                                            &nbsp;SpinRite v5.0 pages
                                        </a>
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                        <ul>
                            <li>
                                <a href="/x/ne.dll?bh0bkyd2">
                                    <img alt="[Services]" height="18" src="/mb-services.gif" title="" width="94">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul>
                                    <li>
                                        <a href="/x/ne.dll?bh0bkyd2">
           &nbsp;ShieldsUP!
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/revocation.htm">
                                            &nbsp;Certificate Revocation
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/haystack.htm">
                                            &nbsp;Password Haystacks
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/fingerprints.htm">
                                            &nbsp;HTTPS Fingerprints
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/securitynow.htm">
                                            &nbsp;Security Now!
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/dns/dns.htm">
                                            &nbsp;DNS Spoofability Test
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/passwords.htm">
                                            &nbsp;Perfect Passwords
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/ppp.htm">
                                            &nbsp;PPP Passwords
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/media.htm">
                                            &nbsp;Tech TV video clips
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/discussions.htm">
                                            &nbsp;Newsgroup Discussions
                                        </a>
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                        <ul>
                            <li>
                                <a href="/freepopular.htm">
                                    <img alt="[Freeware]" height="18" src="/mb-freeware.gif" title="" width="98">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul class="skinny">
                                    <li>
                                        <center>
                                            <a href="/sqrl/sqrl.htm">
                                                <b>
             SQRL
                                                </b>
                                            </a>
                                        </center>
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
                                                    Security
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/inspectre.htm">
             &nbsp;InSpectre
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/securable.htm">
                                                    &nbsp;Securable
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/lt/leaktest.htm">
                                                    &nbsp;Leaktest
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/stm/shootthemessenger.htm">
                                                    &nbsp;Shoot the messenger
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/unpnp/unpnp.htm">
                                                    &nbsp;Unplug n' Pray
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/freeware/dcom.htm">
                                                    &nbsp;DCOMbobulator
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/wmf/wmf.htm">
                                                    &nbsp;MouseTrap
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/wmf/wmf.htm">
                                                    &nbsp;MouseTrapCmd
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             Utilities
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/bootable.htm">
             &nbsp;BootAble
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/validrive.htm">
                                                    &nbsp;ValiDrive
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/incontrol.htm">
                                                    &nbsp;
                                                    <b>
                                                        In
                                                    </b>
                                                    Control
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/readspeed.htm">
                                                    &nbsp;ReadSpeed
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/dns/benchmark.htm">
                                                    &nbsp;DNS Benchmark
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/initdisk.htm">
                                                    &nbsp;InitDisk
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/never10.htm">
                                                    &nbsp;Never 10&nbsp;&nbsp;(no upgrade)
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/wizmo/wizmo.htm">
                                                    &nbsp;Wizmo
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/id/idserve.htm">
                                                    &nbsp;ID Serve
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/freeware/clickey.htm">
                                                    &nbsp;ClicKey
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/ct/cleartype.htm">
                                                    &nbsp;Free &amp; Clear
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/tip/id.htm">
                                                    &nbsp;IDentity (ASPI)
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             Obsolete
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/cih/cih.htm">
             &nbsp;FIX-CIH
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/tip/clickdeath.htm">
                                                    &nbsp;TIP (trouble in paradise)
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/oo-update.htm">
                                                    &nbsp;OptOut
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/xpdite/xpdite.htm">
                                                    &nbsp;XPdite
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/faq-shieldsup.htm">
                                                    &nbsp;NoShare
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/faq-shieldsup.htm">
                                                    &nbsp;LetShare
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/pw/patchwork.htm">
                                                    &nbsp;Patchwork
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                        <ul>
                            <li>
                                <a href="">
                                    <img alt="[Research]" height="18" src="/mb-research.gif" title="" width="98">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul class="skinny">
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             General
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/malware.htm">
             &nbsp;Malware Repository
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/sqrl/sqrl.htm">
                                                    &nbsp;SQRL&nbsp;Login&nbsp;Technology
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/ssl/ev.htm">
                                                    &nbsp;EV SSL/TLS Certificates
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/otg/uheprng.htm">
                                                    &nbsp;Ultra-high entropy PRNG
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/menudemo.htm">
                                                    &nbsp;Pure CSS web menus
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/nat/nat.htm">
                                                    &nbsp;NAT router security
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/pda/palmpower.htm">
                                                    &nbsp;PDA max battery life
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             Pending
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/nf/netfilter.htm">
             &nbsp;GRC NetFilter
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/tp/trustpuppy.htm">
                                                    &nbsp;TrustPuppy
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             Historical
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/worms/25-01-03.htm">
             &nbsp;Worm wars of 2001
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/downloaders.htm">
                                                    &nbsp;File downloader spying
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/ct/ctwhat.htm">
                                                    &nbsp;Sub-pixel font rendering
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/su/earthlink.htm">
                                                    &nbsp;Earthlink browser tag
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/tip/codfaq1.htm">
                                                    &nbsp;ZIP &amp; JAZ click of death
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="">
                                            <span class="drop">
                                                <span>
             Dormant
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/vpn/vpn.htm">
             &nbsp;OpenVPN
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/r&amp;d/assimilator.htm">
                                                    &nbsp;The Assimilator
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/aspi_me.htm">
                                                    &nbsp;ASPI ME
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                    <li>
                                        <a href="/health.htm">
                                            <span class="drop">
                                                <span>
             Health
                                                </span>
                                                &raquo;
                                            </span>
                                            <!--[if gt IE 6]><!-->
                                        </a>
                                        <!--<![endif]-->
                                        <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                        <ul>
                                            <li>
                                                <a href="/health.htm">
             &nbsp;Health Homepage
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/health/lowcarb.htm">
                                                    &nbsp;The Low Carb Choice
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/health/vitamin-d.htm">
                                                    &nbsp;Vitamin D
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/health/sleep/healthy_sleep_formula.htm">
                                                    &nbsp;Healthy Sleep Formula
                                                </a>
                                            </li>
                                            <li>
                                                <a href="/zeo.htm">
                                                    &nbsp;Zeo Sleep Manager Pro
                                                </a>
                                            </li>
                                        </ul>
                                        <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                        <ul>
                            <li id="other">
                                <a href="/pdp-8/pdp-8.htm">
                                    <img alt="[Other]" height="18" src="/mb-other.gif" title="" width="77">
                                    <!--[if gt IE 6]><!-->
                                </a>
                                <!--<![endif]-->
                                <!--[if lt IE 7]><table border="0" cellpadding="0" cellspacing="0"><tr><td><![endif]-->
                                <ul>
                                    <li>
                                        <center>
                                            <a href="/sqrl/sqrl.htm">
                                                <b>
             SQRL
                                                </b>
                                            </a>
                                        </center>
                                    </li>
                                    <li>
                                        <a href="/pdp-8/pdp-8.htm">
                                            &nbsp;PDP-8 Computers
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/misc/truecrypt/truecrypt.htm">
                                            &nbsp;TrueCrypt Repository
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/Big-Number-Calculator.htm">
                                            &nbsp;Big Number Calculator
                                        </a>
                                    </li>
                                    <li>
                                        <a href="/tqc/TheQuietCanine.htm">
                                            &nbsp;The Quiet Canine
                                        </a>
                                    </li>
                                </ul>
                                <!--[if lte IE 6]></td></tr></table></a><![endif]-->
                            </li>
                        </ul>
                    </div>
                    <!-- close "menu" div -->
                    <script async="" src="https://cse.google.com/cse.js?cx=000064552291181981813:y8yi5go2xza">
                    </script>
                    <div class="gcse-search" id="search">
                    </div>
                    <hr style="display:none">
                </div>
            </div>
        </div>
        <!-- close the "minwidth" wrappers -->
        <!-- ###################### END OF GRC MASTHEAD MENU  ###################### -->
        <center>
            <br>
            <table border="0" cellpadding="0" cellspacing="0">
                <tbody>
                    <tr>
                        <td rowspan="2">
                            <img alt="MagFingerprint" height="129" src="/image/MagFingerprint.jpg" width="104">
                        </td>
                        <td>
       &nbsp;&nbsp;
                        </td>
                        <td align="center" valign="top">
                            <font color="#990033" face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" size="7">
                                <b>
                                    Fingerprints
                                </b>
                                <br>
                                <span style="color:#000099; font-size:10.5pt;">
                                    Is your employer, school, or Internet provider
                                    <br>
                                    <b>
                                        eavesdropping
                                    </b>
                                    on your
                                    <b>
                                        <u>
                                            secure
                                        </u>
                                    </b>
                                    connections?
                                </span>
                            </font>
                        </td>
                    </tr>
                    <tr valign="bottom">
                        <td align="center" colspan="2">
                            <font color="#808080" face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" size="1">
                                495 sets of fingerprints checked per day
                                <br>
                                2,838,681 sets of fingerprints checked for our visitors
                            </font>
                        </td>
                    </tr>
                </tbody>
            </table>
            <img alt="" border="0" height="4" src="/image/darkredpixel.gif" width="90%">
            <br>
            <p class="blue_headline">
                Secure browser connections
                <u>
                    can be intercepted and decrypted
                </u>
                <br>
                by authorities who spoof the authentic site's certificate. But
                <br>
                <b>
                    the authentic site's fingerprint CANNOT be duplicated!
                </b>
            </p>
            <div id="OneMomentPlease" style="font-size:16pt; color:#a00; margin-top:2em; ">
                Fingerprinting ten remote servers. . .
            </div>
            <style>
                #OneMomentPlease {
                    display             : none;
                }
            </style>
            <table cellspacing="0" class="chart">
                <tbody>
                    <tr>
                        <td class="topleft">
                            Domain&nbsp;Name
                        </td>
                        <td class="top">
                            Certificate&nbsp;Name
                        </td>
                        <td class="top">
                            EV
                        </td>
                        <td class="top">
                            Security Certificate's
                            <span style="color:black; font-weight:bold">
                                Authentic
                            </span>
                            Fingerprint
                        </td>
                    </tr>
                    <tr class="dark">
                        <td class="left">
                            www.grc.com
                        </td>
                        <td>
                            grc.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            A6:8F:8C:47:6B:D0:DE:9E:1D:18:4A:0A:51:4D:90:11:31:93:40:6D
                        </td>
                    </tr>
                    <tr class="light">
                        <td class="left">
                            www.facebook.com
                        </td>
                        <td>
                            *.facebook.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            FB:C8:25:84:E5:34:86:FE:59:72:93:AB:65:83:E2:8C:64:CC:72:10
                        </td>
                    </tr>
                    <tr class="dark">
                        <td class="left">
                            www.paypal.com
                        </td>
                        <td>
                            www.paypal.com
                        </td>
                        <td class="topleft">
                            <img alt="EV - Extended Validation" height="13" src="/image/GreenSphere.gif" width="13">
                        </td>
                        <td>
                            92:69:A1:00:8F:61:AA:60:17:06:FC:85:FD:47:D2:77:66:C0:F5:91
                        </td>
                    </tr>
                    <tr class="dark">
                        <td class="left">
                            twitter.com
                        </td>
                        <td>
                            twitter.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            AC:7F:07:2B:8A:E0:CB:0B:0E:48:73:2A:40:94:24:F7:BB:C1:61:11
                        </td>
                    </tr>
                    <tr class="light">
                        <td class="left">
                            www.blogger.com
                        </td>
                        <td>
                            *.blogger.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            2C:B8:A2:AD:88:27:46:62:A7:26:8E:83:77:3B:F5:DD:CC:C4:91:DC
                        </td>
                    </tr>
                    <tr class="dark">
                        <td class="left">
                            www.linkedin.com
                        </td>
                        <td>
                            www.linkedin.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            DC:45:B0:FA:20:27:5C:91:BE:80:C2:BD:D1:63:40:B7:B0:24:25:EE
                        </td>
                    </tr>
                    <tr class="light">
                        <td class="left">
                            www.yahoo.com
                        </td>
                        <td>
                            *.fantasysports.yahoo.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            CE:04:E9:DE:42:7F:E9:73:31:3F:75:C9:34:57:A8:20:EE:0C:01:86
                        </td>
                    </tr>
                    <tr class="dark">
                        <td class="left">
                            wordpress.com
                        </td>
                        <td>
                            *.wordpress.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            52:0E:61:A7:BD:5C:34:6E:64:BC:5C:DC:02:DF:AD:FF:C2:48:21:47
                        </td>
                    </tr>
                    <tr class="light">
                        <td class="left">
                            www.wordpress.com
                        </td>
                        <td>
                            *.wordpress.com
                        </td>
                        <td class="topleft">
                            &mdash;
                        </td>
                        <td>
                            52:0E:61:A7:BD:5C:34:6E:64:BC:5C:DC:02:DF:AD:FF:C2:48:21:47
                        </td>
                    </tr>
                </tbody>
            </table>
            <table>
                <tbody>
                    <tr>
                        <td style="padding-top:5px; color:#555; font-size:8pt;">
                            Each site's authentic security certificate fingerprint (shown above) was just now obtained by GRC's servers from each target web
                            <br>
                            server.
                            <u>
                                If your web browser sees a different fingerprint for the same certificate
                            </u>
                            (carefully verify the Certificate Name is identical) that
                            <br>
                            forms strong evidence that
                            <u>
                                something is intercepting your web browser's secure connections
                            </u>
                            and is creating fraudulent site certificates.
                        </td>
                    </tr>
                </tbody>
            </table>
            <div class="pagecontainer" id="embelow">
                <div class="blue_section_heading">
                    Custom Site Fingerprinting
                </div>
                <p>
                    In addition to the well-known web sites listed above, GRC's web server can obtain and display the &ldquo;fingerprint&rdquo; of any HTTPS-capable public web server's secure connection certificate. Simply enter the domain name of the server you wish to fingerprint, then press Enter or click the &ldquo;Fingerprint Site&rdquo; button:
                </p>
                <center>
                    <form action="/fingerprints.htm" method="post">
                        <table bgcolor="#660000" border="0" cellpadding="1" cellspacing="0">
                            <tbody>
                                <tr>
                                    <td>
                                        <table bgcolor="#FFD0D0" border="0" cellpadding="0" cellspacing="0" width="100%">
                                            <tbody>
                                                <tr>
                                                    <td>
                                                        <table border="0" cellpadding="0" cellspacing="15" width="100%">
                                                            <tbody>
                                                                <tr valign="top">
                                                                    <td>
                                                                        <span style="font-weight: bold; font-size:16px; ">
                                                                            https://
                                                                        </span>
                                                                        <input id="domainname" maxlength="253" name="1" size="64" type="text" value="">
                                                                    </td>
                                                                    <td>
                                                                        <input name="2" type="submit" value="Fingerprint Site">
                                                                    </td>
                                                                </tr>
                                                            </tbody>
                                                        </table>
                                                    </td>
                                                </tr>
                                            </tbody>
                                        </table>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                        <table>
                            <tbody>
                                <tr>
                                    <td>
                                        <div class="dotted_green">
                                            <b>
                                                Google and Apple are different:
                                            </b>
                                            Some visitors are being confused by
                                            <br>
                                            Google's and Apple's certificate fingerprints which change and may not
                                            <br>
                                            match.&nbsp;&nbsp;Please see the &ldquo;What can go wrong with this test?&rdquo; section at
                                            <br>
                                            the bottom of this page for an explanation of the complexities.
                                        </div>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                    </form>
                </center>
                <div style="margin:1.5em 0 0.25em 0; text-align:center; color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size: 20pt;">
                    What's this about?
                </div>
                The Internet is a cooperative PUBLIC DATA NETWORK. Its data traffic flows around the globe freely, transported by an incredible variety of intermediate carriers. These carriers cooperate because they need each other equally
                <b>
                    :
                </b>
                &ldquo;I'll carry your traffic if you'll carry mine.&rdquo; And the system works. But with all of this traffic zipping around all over the place, in full public view, how do we
                <b>
                    KNOW
                </b>
                that we are
                <u>
                    really
                </u>
                connected to our bank, our medical records database, or any other public or private website? Websites are (obviously) easy to create, so copying a popular website and redirecting traffic there would not be difficult. And, unfortunately, the world has no shortage of people who would like to do that.
                <p>
                    The original un-secured HTTP web connections never attempted to authenticate or encrypt their connections. Users who knew enough to wonder and worry could only hope that they were actually interacting with the website they intended. And that was fine back when the Internet was just a curiosity. But the Internet has grown into a resource where people conduct business, place orders, exchange stock, refer to their medical histories, perform their banking, and everything else&mdash;very much as they do in the physical world. For the &ldquo;cyber versions&rdquo; of these activities to be feasible, users expect, need, and must have security and privacy.
                </p>
                <center>
                    <table border="0" cellpadding="0" cellspacing="0">
                        <tbody>
                            <tr>
                                <td style="color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size:16pt;">
                                    The &ldquo;S&rdquo; added to the end of the &ldquo;HTTP&rdquo; means SECURE.
                                </td>
                            </tr>
                            <tr align="center">
                                <td>
                                    (Or at least it was supposed to.)
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    The presence of the unbroken key or the lock icon on the web browser
                    <b>
                        once
                    </b>
                    meant that the connection between the user and the remote web server was authenticated, secured, encrypted
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    and
                    <b>
                        not
                    </b>
                    susceptible to
                    <b>
                        any
                    </b>
                    form of eavesdropping by any third party.
                    <b>
                        Unfortunately, that is no longer always true.
                    </b>
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    What happened?
                </div>
                To enhance their users' security and privacy, an ever increasing number of web sites are switching from traditional &ldquo;HTTP&rdquo; to the more secure &ldquo;HTTPS&rdquo; connections&mdash;like THIS web page. This type of secured connection is known as SSL or TLS (&ldquo;Secure Sockets Layer&rdquo; and &ldquo;Transport Layer Security&rdquo;) two names for the same thing. What's significant is that the data sent back and forth over any HTTPS/SSL/TLS connection is encrypted by technology no one knows how to break. Really, no one. It's truly secure.
                <p>
                    In the early days of the Internet, the encryption provided by HTTPS connections was difficult and time consuming to establish, so these &ldquo;expensive&rdquo; connections were usually reserved for logging into a site (to protect the user's name and password) or when submitting very sensitive information, such as private credit card numbers and purchasing data. Since HTTPS connections were once used sparingly, anyone wishing to monitor, watch, record and log the actions of users on the Internet could do so easily, simply by eavesdropping on the data moving through the wires. But as technology has advanced, the cost of employing unbreakable encryption for all connections has become feasible. So today more and more websites are switching to always using encrypted HTTPS connections.
                </p>
                <p>
                    This has been great for Internet users, who expect and want their use of the Internet to remain personal and private. But employers, educational institutions, and others have become unhappy that their traditional network traffic monitoring and filtering is increasingly blinded by the growing use of HTTPS connection encryption. (The United States FBI refers to this as the &ldquo;Going Dark Problem&rdquo; since they, too, are able to see less and less of what's going on. For them, the Internet is &ldquo;going dark&rdquo; all around them.)
                </p>
                <p>
                    Private institutions&mdash;corporations, schools, and other organizations&mdash;have responded to this &ldquo;loss of visibility&rdquo; into every detail of their employees' and students' Internet usage by deploying new technology known as
                    <b>
                        &ldquo;HTTPS Proxy Appliances&rdquo;
                    </b>
                    . These devices circumvent our most basic assumption and guarantee of Internet browser privacy and security.
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td style="color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size: larger;">
                                    Internet providers, public and private, cannot control what
                                    <br>
                                    they cannot see
                                    <b>
                                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                                    </b>
                                    so they insist upon seeing everything.
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                </p>
                <div class="larger_red_arial" style="margin:1.5em 0 0.2em 0;">
                    How is this possible?
                </div>
                Study the following statement very carefully until you're sure you understand what it is saying. It is the key:
                <p>
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td style="background:#f8fff8; border:1px solid #999; padding:1em 1.5em; color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size: larger;">
                                    Web browsers trust the identity assertion made by a remote web
                                    <br>
                                    site when that site presents a certification of its identity that has
                                    <br>
                                    been signed by a higher authority
                                    <u>
                                        that the browser already trusts
                                    </u>
                                    .
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    Many years ago, the people at Netscape who developed the first popular web browser, invented a solution to both the need for Internet privacy (encryption) and security (authentication). Their concept was elegant and simple and has endured to this day: A third party who we trust has assured us that our encrypted traffic is going only to the website we intend. Here how that works:
                </p>
                <p>
                    There are entities known as "Certificate Authorities" (CA) to whom web sites prove their identity in the real physical world using incorporation documentation, Dun &amp; Bradstreet records, their publicly known telephone numbers, and so forth. When a web site has proven its identity with sufficient certainty, the Certificate Authority (CA) will put its reputation on the line by digitally signing the site's security certificate which contains an assertion of its identity.
                </p>
                <p>
                    When an Internet browser establishes a secure connection with a remote site, that site
                    <b>
                        must provide
                    </b>
                    that signed certificate for the web browser's inspection. The web browser already contains a (long) list of all the trusted and reputable certificate authorities that exist in the world. So the browser is able to verify the authenticity of the certificate provided by the web site by verifying that it was properly digitally signed by one of the many certificate authorities it trusts to sign website identity certificates.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    How is this elegant system subverted?
                </div>
                Any corporation, educational institution, or other Internet connectivity provider who wishes to monitor
                <b>
                    every Internet action
                </b>
                of its employees, students or users&mdash;every private user ID &amp; password of every social networking or banking site they visit, their medical records, all &ldquo;secure&rdquo; eMail
                <b>
                    &nbsp;.&nbsp;.&nbsp;.&nbsp;
                </b>
                EVERYTHING&mdash;simply arranges to add
                <u>
                    one additional
                    <b>
                        &ldquo;Pseudo Certificate Authority&rdquo;
                    </b>
                    to their users' browsers or computers
                </u>
                . It's that simple.
                <p>
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td align="center">
                                    <div style="color:#000;">
                                        <b>
                                            Here's a 2013 real-world example:
                                        </b>
                                    </div>
                                    <div class="dotted_red" style="margin-top:0; text-align:left; color:#800">
                                        <b>
                                            Nokia caught secretly decrypting mobile browser traffic:
                                        </b>
                                        <a href="http://www.zdnet.com/nokia-hijacks-mobile-browser-traffic-decrypts-https-data-7000009655/">
                                            ZDNet reports
                                        </a>
                                        <br>
                                        security researcher Gaurang Pandya's discovery that the &ldquo;secure&rdquo; HTTPS traffic
                                        <br>
                                        from his web browser was being
                                        <u>
                                            decrypted
                                        </u>
                                        by Nokia's servers. (See the link.)
                                        <span class="font7px">
                                            <br>
                                            <br>
                                        </span>
                                        Nokia's reason is valid: Encrypted data appears as pseudo-random noise and
                                        <br>
                                        cannot be compressed. But they did this secretly and there's no way to disable
                                        <br>
                                        it.&nbsp;&nbsp;Opera's Mini browser does the same thing for the same reason, but makes it
                                        <br>
                                        optional and explains it clearly. And while Nokia says they would never pry, the
                                        <br>
                                        fact is that since they CAN, in the USA they could be compelled to do so.
                                    </div>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    For example, suppose that &ldquo;Bendover Industries&rdquo; installs a commercially available &ldquo;SSL Proxy&rdquo; (also known as an HTTPS or TLS Proxy). Then, as part of prepping computers for use inside their network, Bendover's IT department simply adds one additional &ldquo;trusted&rdquo; Certificate Authority to each computer. That's all it takes.
                </p>
                <p>
                    Now, whenever anyone inside Bendover's network makes a &ldquo;secure&rdquo; connection to
                    <b>
                        any
                    </b>
                    remote public web site&mdash;their bank, Google Mail, Facebook, anything&mdash;that connection is intercepted by Bendover's SSL Proxy appliance
                    <b>
                        before it leaves the building
                    </b>
                    . On-the-fly, the SSL Proxy Appliance creates a
                    <b>
                        fraudulent
                    </b>
                    &ldquo;spoofed&rdquo; web server certificate in order to
                    <b>
                        impersonate
                    </b>
                    the intended remote web site, and it signs that fraudulent certificate
                    <b>
                        itself
                    </b>
                    using the signature of the also-fraudulent Certificate Authority that was previously planted inside the user's browser or computer.
                </p>
                <p>
                    Because the impersonation is perfect, neither the browser nor the user can readily detect that they do not have a securely encrypted direct connection to the remote web site. Their browser shows every facet of a standard secured SSL connection&mdash;all the locks and pretty colors and everything we have been trained to look for and check for are present
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.
                    </b>
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td style="color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size:20pt;">
                                    And it's all a lie.
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    Instead of connecting to the remote web server, the browser is &ldquo;securely&rdquo; connected only to the local Proxy Appliance which is decrypting, inspecting, and logging
                    <b>
                        all
                    </b>
                    of the material sent from the browser. It inspects all content to determine whether it abides by whatever arbitrary policies the local network is enforcing. It's users have NO privacy and NO security. Or perhaps it just silently logs &amp; records everything for possible future need. Either way, it has obtained
                    <b>
                        full access
                    </b>
                    to everything the user enters into their web browser.
                </p>
                <div class="solid_white">
                    <div style="font-family: Arial, Helvetica, sans-serif; font-size: larger;">
                        <center>
                            <b>
                                A case in point:
                                <a href="http://www.bluecoat.com">
                                    Blue Coat Systems, Inc
                                </a>
                                .
                            </b>
                        </center>
                    </div>
                    <ul>
                        <li>
                            <a href="http://www.bluecoat.com/security/security-archive/2011-11-01/ssl-proxy-and-anti-malware-go-hand-hand-0">
                                An older entry (2011-11-1) from Blue Point's blog
                            </a>
                            <br>
                            In this posting from more than two years ago they explain how the web's increasing use of SSL &amp; TLS encryption [primarily for privacy, of course, which their technology violates] has made user activities more and more invisible. Quoting verbatim from the posting:
                            <i style="color:#900">
                                There was a time when a web proxy that handled web pages in the clear covered almost all the web pages of interest for an organization's policy compliance. Today, webmail offerings routinely use SSL encrypted logins and even maintain SSL connections for the web based email session. SSL is also used today wherever personal credentials are entered, whether it's a social networking site, shopping or other entertainment site. Because of the widespread use of encryption on websites, making sure you use an SSL proxy (basically a proxy that can inspect and enforce policy around the contents within an SSL session) is more important than ever.
                            </i>
                        </li>
                        <li>
                            And speaking of &ldquo;policy&rdquo;,
                            <a href="http://www.bluecoat.com/company-blog/2013-01-18/removing-lgbt-category-blue-coat-webfilter">
                                here's their blog posting from 2013-01-18
                            </a>
                            where they decide to remove their &ldquo;checkbox&rdquo; for automatic detection and filtering of &ldquo;LGBT&rdquo; (Lesbian, Gay, Bisexual, Transgender) material. Quoting again from the posting:
                            <i style="color:#900">
                                Based in part on customer feedback, we have decided to remove the LGBT category from Blue Coat WebFilter. Content will cease to be rated in the LGBT category effective immediately, and the category will be removed from Blue Coat WebFilter in the next product release.
                            </i>
                            <br>
                            This of course means that until now they
                            <b>
                                have
                            </b>
                            been offering to filter and alert for LGBT content.
                        </li>
                    </ul>
                </div>
                <div class="dotted_green" style="color:#060;">
                    <b>
                        I take no position
                    </b>
                    about the morality or ethics of this&mdash;though it would be safe to say that as an advocate for individual responsibility and privacy, I'm not a fan. I point it out merely to demonstrate that the privacy-invading technology
                    <b>
                        does indeed exist
                    </b>
                    and is readily available to anyone who desires its deployment.
                    <div style="text-align:center; margin-top:0.5em; font-size:larger; font-family:Arial, Helvetica, sans-serif">
                        <b>
                            I created this page to enable anyone to easily determine
                            <br>
                            whether and when SSL Interception is being used on them!
                        </b>
                    </div>
                </div>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    And from Microsoft:
                </div>
                Never to be left (far) behind, this dialog box presented by Microsoft's &ldquo;Forefront Threat Management Gateway&rdquo; shows the options offered for &ldquo;HTTPS Inspection.&rdquo; Note the warning near the bottom. They know this is slimy behavior:
                <p>
                </p>
                <center>
                    <img alt="HttpsInterception" height="498" src="image/HttpsInterception.png" width="432">
                </center>
                <p>
                </p>
                <div class="blue_div">
                </div>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Completing the lie:
                </div>
                Once the SSL Proxy Appliance has decrypted, inspected and judged the user's content, it establishes a
                <b>
                    second
                </b>
                secure connection to the remote web server&mdash;this time impersonating the user. Assuming that the user's request and data meet with the network's policies, or perhaps after having all been logged, the data is re-encrypted through the second connection to the remote web site
                <b>
                    &nbsp;.&nbsp;.&nbsp;.&nbsp;
                </b>
                just as if nothing had happened.
                <p>
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Can this SSL Interception be PREVENTED?
                </div>
                <b>
                    No.&nbsp;&nbsp;But it CAN be reliably detected
                </b>
                because it is
                <b>
                    NOT POSSIBLE
                </b>
                to
                <b>
                    COMPLETELY
                </b>
                spoof
                <b>
                    ANY
                </b>
                security certificate!
                <p>
                </p>
                <p>
                </p>
                <div style="color:#000; margin-bottom:4px; font-size:larger;">
                    Follow this logic carefully, it's the key:
                </div>
                <div style="border:1px solid #000; padding:1em 1.5em; color:#000;">
                    Public and Private keys form cryptographically matched pairs. It is not feasible to derive one from the other, yet what one encrypts only the matching other can decrypt. Website SSL security certificates provide the site's Public cryptographic key which is the public side of the server's secret Private cryptographic key which is never publicly disclosed. Only the certificate's public key can be used to encrypt data which the remote server can decrypt only using its matching private key. Since the SSL Proxy Appliance
                    <b>
                        does not have
                    </b>
                    the private key of the remote server&mdash;because only the remote server has it&mdash;the fake &amp; fraudulent certificate the SSL Proxy provides to the user's web browser
                    <b>
                        is forced to use a different public key
                    </b>
                    for which it
                    <b>
                        does
                    </b>
                    have a matching private key. And
                    <b>
                        that
                    </b>
                    means that no matter how hard any SSL-intercepting Proxy Appliance may try to spoof and fake any other server's certificate,
                    <b>
                        the certificate's public key MUST BE DIFFERENT
                    </b>
                    .
                </div>
                <p>
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Here comes the bit about Fingerprints:
                </div>
                Anyone examining an SSL certificate (like this page or your web browser) can create a &ldquo;cryptographic hash&rdquo; or &ldquo;digest&rdquo; of the certificate's contents. Cryptographic hashes are complex mathematical algorithms which carefully process every single bit of what they &ldquo;digest.&rdquo; They have the amazingly property that
                <u>
                    if even
                    <b>
                        one bit
                    </b>
                    inside the certificate is changed
                </u>
                , an average of
                <u>
                    half
                </u>
                of the fingerprint's hash bits will change in response! In other words, when such a cryptographic hash is used to &ldquo;fingerprint&rdquo; a certificate
                <b>
                    any change
                </b>
                , no matter how small, will result in a
                <b>
                    COMPLETELY
                </b>
                different fingerprint.
                <p>
                </p>
                <p>
                    Fingerprints offer incredibly sensitive and strong detection of
                    <b>
                        anything
                    </b>
                    changed
                    <b>
                        anywhere
                    </b>
                    in a security certificate. Certificate fingerprints were originally based upon the &ldquo;MD5&rdquo; (Message Digest 5) hashing algorithm. But over time researchers found MD5 to be a bit weak in some special cases which might have been exploitable. So the entire industry (and this web site) has switched over to using the newer, stronger and even more secure &ldquo;
                    <b>
                        SHA1
                    </b>
                    &rdquo; (Secure Hashing Algorithm 1) hashing algorithm.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Let's bring it home
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                </div>
                All SSL-intercepting Proxy Appliances
                <b>
                    MUST
                </b>
                provide a fraudulent spoofed certificate containing a public key for which it has the matching private key, and that private key cannot be the same as the actual remote server's because private keys are a closely held secret and no one knows any server's private key.
                <p>
                </p>
                <p>
                    This means that no matter how much any SSL Proxy Appliance might
                    <b>
                        want
                    </b>
                    to duplicate a remote server's certificate
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    it cannot.&nbsp;
                    <b>
                        It is impossible.
                    </b>
                    &nbsp; And the certificate's fingerprint, which can be easily viewed through any web browser's user-interface,
                    <u>
                        completely gives away the lie
                    </u>
                    :
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td style="color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size: larger;">
                                    The remote server's REAL certificate and the SSL Appliance's FAKED certificate MUST
                                    <br>
                                    HAVE AND WILL HAVE radically different fingerprints.&nbsp;&nbsp;They will not be remotely similar.
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <div class="blue_section_heading">
                    And now we know what this page does!
                </div>
                <p>
                    <b>
                        YOUR
                    </b>
                    web browser's Internet connection
                    <b>
                        MAY
                    </b>
                    be intercepted by your employer, school, church, ISP or whatever organization is providing the Internet connection. But GRC's connection is NOT being intercepted by anyone. We use the &ldquo;Tier 1&rdquo; provider &ldquo;Level 3&rdquo; to connect
                    <u>
                        directly
                    </u>
                    to the Internet Backbone with no third-party between us and any remote website. So, with this page, WE can obtain any website's authentic HTTPS fingerprint to show you what it SHOULD BE.
                </p>
                <p>
                    <b>
                        THIS PAGE
                    </b>
                    will only allow itself to be delivered from GRC over a secure and encrypted SSL connection. So your web browser will show
                    <b>
                        SOME
                    </b>
                    SSL certificate fingerprint
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    but will it be GRC's
                    <b>
                        authentic
                    </b>
                    fingerprint, shown here?:
                </p>
                <center>
                    <table border="0" cellspacing="0" style="margin:1em 0;">
                        <tbody>
                            <tr>
                                <td style="border:1px solid #aaa; padding:4px 10px; color:#000; font-size:14pt; font-weight:bold; font-family: 'Courier New', Courier, monospace;">
                                    A6:8F:8C:47:6B:D0:DE:9E:1D:18:4A:0A:51:4D:90:11:31:93:40:6D
                                </td>
                            </tr>
                            <tr>
                                <td align="center" style="color:#666;">
                                    The fingerprint of GRC's authentic security certificate
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    or will it be the
                    <b>
                        necessarily different
                    </b>
                    fingerprint of a fraudulent SSL interception certificate that was created for the deliberate purpose of attempting to fool you and your web browser?
                </p>
                <p>
                    If you are currently&mdash;right now&mdash;viewing this page from within
                    <b>
                        ANY
                    </b>
                    network that is intercepting and spoofing SSL connections (the dialog box above clearly shows that Microsoft offers this &ldquo;feature&rdquo;), and if
                    <b>
                        THIS
                    </b>
                    specific connection
                    <b>
                        was
                    </b>
                    intercepted, the fingerprint of GRC's authentic SSL security certificate shown above
                    <b>
                        will NOT match
                    </b>
                    the fingerprint shown by your web browser. And the same is true for any websites your local network may be secretly intercepting.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Note that fingerprint CaSe and :Colons: do not matter:
                </div>
                The
                <b>
                    SHA1 fingerprint hash
                </b>
                displayed by web browsers usually (but not always) use UPPERCASE &ldquo;hexadecimal&rdquo; formatting, and usually (but not always) separate each pair of characters with a colon. That's why this web page chose that most common display format. If your browser uses lowercase and/or uses spaces instead of colons, those are just display choices and do not affect the fingerprint contents. So the following two fingerprints are IDENTICAL:
                <div style="padding:0.5em 0; text-align:center; color:#000; font-size:11pt; font-weight:bold; font-family: 'Courier New', Courier, monospace;">
                    05:0A:A7:C3:5F:85:F0:A8:5B:14:1D:B6:7F:67:8C:60:4F:2D:DE:D3
                    <br>
                    05 0a a7 c3 5f 85 f0 a8 5b 14 1d b6 7f 67 8c 60 4f 2d de d3
                </div>
                (So it is always safe to ignore the alphabetic case and colons.)
                <p>
                </p>
                <div class="blue_section_heading">
                    How to display this page's (or any page's) SSL certificate fingerprint:
                </div>
                <p>
                    Each web browser is a bit different, but here's where to (currently) find the certificate fingerprints in the more popular web browsers. (And you can probably figure this out for any others.)
                </p>
                <p>
                </p>
                <div class="larger_red_arial">
                    Internet Explorer:
                </div>
                <ul class="tighterlist" style="margin-top:3px;">
                    <li>
                        Right-click somewhere on the page.
                    </li>
                    <li>
                        Select &ldquo;Properties&rdquo; at the bottom of the pop-up menu.
                    </li>
                    <li>
                        Click the &ldquo;Certificates&rdquo; button on the Properties page.
                    </li>
                    <li>
                        Verify that the &ldquo;Issued to&rdquo; name
                        <b>
                            exactly matches
                        </b>
                        what this GRC page shows.
                    </li>
                    <li>
                        Click the &ldquo;Details&rdquo; tab to change views.
                    </li>
                    <li>
                        Set the &ldquo;Show&rdquo; selector to &ldquo;&lt;All&gt;&rdquo; if it isn't already.
                    </li>
                    <li>
                        Scroll down to the end of the list to &ldquo;Thumbprint&rdquo; (which is what Windows calls it).
                    </li>
                    <li>
                        Click on the &ldquo;Thumbprint&rdquo; item to select it and show the full thumbprint in the window.
                    </li>
                </ul>
                <p>
                </p>
                <p>
                </p>
                <div class="larger_red_arial">
                    Google Chrome:
                </div>
                <ul class="tighterlist" style="margin-top:3px;">
                    <li>
                        Click on the padlock at the far left end of the URL address bar.
                    </li>
                    <li>
                        Select the &ldquo;Connection&rdquo; tab.
                    </li>
                    <li>
                        Click on &ldquo;Certificate Information&rdquo;.
                    </li>
                    <li>
                        Verify that the &ldquo;Issued to&rdquo; name
                        <b>
                            exactly matches
                        </b>
                        what this GRC page shows.
                    </li>
                    <li>
                        Click the &ldquo;Details&rdquo; tab to change views.
                    </li>
                    <li>
                        Set the &ldquo;Show&rdquo; selector to &ldquo;&lt;All&gt;&rdquo; if it isn't already.
                    </li>
                    <li>
                        Scroll down to the end of the list to &ldquo;Thumbprint&rdquo; (which is what Windows calls it).
                    </li>
                    <li>
                        Click on the &ldquo;Thumbprint&rdquo; item to select it and show the full thumbprint in the window.
                    </li>
                </ul>
                <p>
                </p>
                <p>
                </p>
                <div class="larger_red_arial">
                    Mozilla Firefox:
                </div>
                <ul class="tighterlist" style="margin-top:3px;">
                    <li>
                        Click on the padlock at the far left end of the URL address bar.
                    </li>
                    <li>
                        Click the More &ldquo;Information...&rdquo; button.
                    </li>
                    <li>
                        Click the &ldquo;Security&rdquo; icon/tab at the top of the &ldquo;Page Info&rdquo; dialog.
                    </li>
                    <li>
                        Click &ldquo;View Certificate&rdquo;.
                    </li>
                    <li>
                        Verify that the certificate's name under &ldquo;Common Name (CN)&rdquo;
                        <b>
                            exactly matches
                        </b>
                        what this GRC page shows.
                    </li>
                    <li>
                        The SHA1 fingerprint is shown under &ldquo;Fingerprints&rdquo;.
                    </li>
                </ul>
                <p>
                </p>
                <p>
                </p>
                <div class="larger_red_arial">
                    Apple Safari:
                </div>
                <ul class="tighterlist" style="margin-top:3px;">
                    <li>
                        Click the [https padlock] icon at the far left end of the URL address bar.
                    </li>
                    <li>
                        Click &ldquo;Show Certificate&rdquo;.
                    </li>
                    <li>
                        Click the arrow to expand the &ldquo;Details&rdquo;
                    </li>
                    <li>
                        Verify that the certificate's &ldquo;Common Name&rdquo;
                        <b>
                            exactly matches
                        </b>
                        the name shown on the GRC page.
                    </li>
                    <li>
                        Scroll to the bottom to view the certificate's SHA1 Fingerprint.
                    </li>
                </ul>
                <p>
                </p>
                <center style="color:#070; font-weight:bold; font-family: Arial, Helvetica, sans-serif; font-size:larger;">
                    The ONLY WAY the SHA1 fingerprints can match, is if the certificate GRC
                    <u>
                        just now
                        <br>
                        obtained
                    </u>
                    DIRECTLY from the remote web server is
                    <u>
                        IDENTICAL
                    </u>
                    to the certificate
                    <br>
                    YOUR web browser also just obtained DIRECTLY from the remote web server.
                </center>
                <p>
                    But IF this SSL page was intercepted, its certificate fingerprint will HAVE TO BE DIFFERENT since authentic SSL certificates are impossible to perfectly duplicate.
                </p>
                <div class="blue_section_heading">
                    A
                    <b>
                        Crucially Important
                    </b>
                    Spoofing Exception!!
                </div>
                <p>
                    While researching ways to help our visitors verify their connection fingerprints, we hit upon one type of certificate which, when properly handled, as they have been in the
                    <b>
                        Firefox
                    </b>
                    and
                    <b>
                        Chrome
                    </b>
                    (and Chromium), but
                    <b>
                        not
                    </b>
                    Internet Explorer
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;CANNOT BE SPOOFED at all!!
                    </b>
                </p>
                <div class="green_callout">
                    In Firefox and Chrome, only 100% authentic Extended Validation
                    <br>
                    (EV) certificates will display the extra "Green" indication!
                </div>
                <p>
                    This www.GRC.com web site
                    <u>
                        always uses Extended Validation (
                        <b style="color:#080">
                            EV
                        </b>
                        ) certificates
                    </u>
                    . So if you are viewing
                    <b>
                        this EV site
                    </b>
                    through a properly-designed web browser, such as Firefox or Chrome (but not Internet Explorer, since Microsoft deliberately allows
                    <b style="color:#080">
                        EV
                    </b>
                    indications to be forged) and you DO see the special
                    <b style="color:#080">
                        EV
                    </b>
                    treatment in the address bar, then you
                    <b>
                        KNOW
                    </b>
                    your connection to US is NOT being intercepted (and also that this page's contents have
                    <b>
                        not
                    </b>
                    been altered!) But if the special
                    <b style="color:#080">
                        EV
                    </b>
                    indication is NOT being displayed
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;then you instantly know
                    </b>
                    that something IS intercepting and spoofing this web site's certificate!
                </p>
                <p>
                    Or to put it another way: If you are using Firefox or Chrome somewhere that
                    <b>
                        never
                    </b>
                    shows any
                    <b style="color:#080">
                        EV
                    </b>
                    certificates, then you
                    <b>
                        ARE
                    </b>
                    using a connection that is being intercepted, and your web browser is being presented with deliberately fraudulent certificates
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    since
                    <b style="color:#080">
                        EV
                    </b>
                    certificates cannot be spoofed!
                </p>
                <p>
                    Note that because extended validation certificates are completely spoof-proof (under Firefox and Chrome) we show the true
                    <b style="color:#080">
                        EV
                    </b>
                    status for every fingerprinted site. This allows you to determine whether any site you select should be showing as
                    <b style="color:#080">
                        EV
                    </b>
                    in your Firefox or Chrome browser.
                </p>
                <p>
                    Please see our
                    <a href="/ssl/ev.htm">
                        The Special Power of Extended Validation Web Site Certificates
                    </a>
                    page for an in-depth discussion of the value and spoofing-resistance of extended validation certificates.
                </p>
                <div class="blue_section_heading">
                    What can go wrong with this test?
                </div>
                <p>
                    There
                    <b>
                        ARE
                    </b>
                    several things to consider:
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    False-Positive Mismatches:
                </div>
                Smaller web sites, like this one (GRC) and those others listed above, deploy only
                <u>
                    one
                </u>
                security certificate on one or more web servers (For example, our wonderful certificate provider,
                <a href="http://www.digicert.com/">
                    DigiCert
                </a>
                , specifically allows us to use the same single certificate on as many servers as necessary.)
                <p>
                </p>
                <p>
                    But companies with a massive and widely distributed web presence, such as Amazon or Google, may deploy
                    <u>
                        many
                    </u>
                    different security certificates across their many globally distributed servers and web sites. Multiple certificates may be easier for them to obtain and manage, and their security is
                    <u>
                        not
                    </u>
                    reduced. But it does mean that not every user of their servers (like you and this GRC page) would necessarily obtain the same security certificate.
                </p>
                <p>
                    This means that a simple comparison of certificate fingerprints could
                    <b>
                        erroneously
                    </b>
                    lead people wishing to test these huge websites to conclude that their connections
                    <b>
                        were
                    </b>
                    being intercepted, when they have simply received a different valid certificate than the one received and shown by this web page.
                </p>
                <p>
                    The best solution is to test smaller sites that are known to be using single certificates, or sites using
                    <a href="/ssl/ev.htm">
                        the completely unspoofable
                    </a>
                    extended validation (
                    <b style="color:#080">
                        EV
                    </b>
                    ) certificates with an EV-honoring web browser such as Firefox or Chrome (but not Internet Explorer, which doesn't properly verify
                    <b style="color:#080">
                        EV
                    </b>
                    certificates).
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Machine-Resident Interception:
                </div>
                At least two anti-malware products &mdash; BitDefender and Kaspersky A/V &mdash; operate as local HTTPS intercepting proxies. They obviously do this in order to scan the machine's secured and encrypted inbound web content for anything malicious. But this is quite disturbing because, even though it's for a good purpose, there
                <b>
                    are
                </b>
                other ways to access the content
                <b>
                    after
                </b>
                it has been decrypted and
                <b>
                    before
                </b>
                it reaches the web browser. So this incredibly intrusive and security-breaking approach
                <b>
                    <u>
                        is not necessary
                    </u>
                </b>
                . And this also has very negative side effects, such as breaking the display of all EV (extended validation) web sites. This is really bad. Since you are ALWAYS being intercepted, you can NEVER verify whether it's only once
                <b>
                    &nbsp;.&nbsp;.&nbsp;.&nbsp;
                </b>
                or more. (Note that I can and do vouch for the value of Kaspersky as a terrific security threat research group. But this approach is
                <b>
                    wrong
                </b>
                .) If it is possible to temporarily disable this aspect of their &ldquo;protection&rdquo;, then you could perform remote interception testing while the local interception is disabled.
                <p>
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td>
                                    <div class="dotted_blue" style="margin:0;">
                                        <b>
                                            BitDefender Interception Configuration:
                                        </b>
                                        Under &ldquo;Settings&rdquo; / &ldquo;Privacy Control&rdquo;
                                        <br>
                                        you will find an on/off slider &ldquo;Scan SSL&rdquo; which can be used to temporarily or
                                        <br>
                                        permanently enable or disable this single aspect of BitDefender's operation.
                                    </div>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    Note that since extended validation (
                    <b style="color:#080">
                        EV
                    </b>
                    ) certificates cannot be spoofed, any use of these machine-resident connection intercepting systems will disable all extended validation certificate display.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    Strange Web Server Configuration:
                </div>
                The only criteria for web servers is that they work, not that they necessarily make much sense to users. For example, these are
                <b>
                    the two DIFFERENT certificates
                </b>
                we receive for the wordpress.com domain with, and without, the &ldquo;www&rdquo; prefix:
                <p>
                </p>
                <center>
                    <table border="0" cellpadding="0" cellspacing="0">
                        <tbody>
                            <tr>
                                <td align="right">
                                    <table cellspacing="0" class="chart">
                                        <tbody>
                                            <tr>
                                                <td class="topleft">
                                                    Domain&nbsp;Name
                                                </td>
                                                <td class="top">
                                                    Certificate&nbsp;Name
                                                </td>
                                                <td class="top">
                                                    Security Certificate's
                                                    <span style="color:black; font-weight:bold">
                                                        Authentic
                                                    </span>
                                                    Fingerprint
                                                </td>
                                            </tr>
                                            <tr class="dark">
                                                <td class="left">
                                                    wordpress.com
                                                </td>
                                                <td>
                                                    wordpress.com
                                                </td>
                                                <td>
                                                    52:0E:61:A7:BD:5C:34:6E:64:BC:5C:DC:02:DF:AD:FF:C2:48:21:47
                                                </td>
                                            </tr>
                                        </tbody>
                                    </table>
                                </td>
                            </tr>
                            <tr>
                                <td>
                                    &nbsp;
                                </td>
                            </tr>
                            <tr>
                                <td align="right">
                                    <table cellspacing="0" class="chart">
                                        <tbody>
                                            <tr>
                                                <td class="topleft">
                                                    Domain&nbsp;Name
                                                </td>
                                                <td class="top">
                                                    Certificate&nbsp;Name
                                                </td>
                                                <td class="top">
                                                    Security Certificate's
                                                    <span style="color:black; font-weight:bold">
                                                        Authentic
                                                    </span>
                                                    Fingerprint
                                                </td>
                                            </tr>
                                            <tr class="dark">
                                                <td class="left">
                                                    www.wordpress.com
                                                </td>
                                                <td>
                                                    *.wordpress.com
                                                </td>
                                                <td>
                                                    52:0E:61:A7:BD:5C:34:6E:64:BC:5C:DC:02:DF:AD:FF:C2:48:21:47
                                                </td>
                                            </tr>
                                        </tbody>
                                    </table>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    As you can see, depending upon how we ask for the certificate,
                    <u>
                        with or without the &ldquo;www&rdquo; prefix
                    </u>
                    , we receive two entirely different certificates. They have
                    <b>
                        different
                    </b>
                    certificate &ldquo;Common Names&rdquo; (Certificate Names) and, of course,
                    <b>
                        radically different
                    </b>
                    fingerprints.
                </p>
                <p>
                    The lesson here is that you
                    <b>
                        MUST be vigilant
                    </b>
                    about comparing the &ldquo;Certificate Name&rdquo;, also known as the &ldquo;Common Name&rdquo; on the certificate with what this GRC page shows here to be sure you are examining and comparing the
                    <b>
                        SAME
                    </b>
                    certificate. The result of not being careful, would be a &ldquo;falsely positive&rdquo; belief that SSL interception was occurring when it is not. And we don't want that.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    The possibility of a &ldquo;GRC Exception&rdquo;:
                </div>
                SSL-intercepting Proxy Appliances are highly configurable. In fact, in many cases the so-called &ldquo;C-level&rdquo; executives within a corporation&mdash;the CEO, CFO, CIO, CTO, COO, etc.&mdash;
                <b>
                    do not have
                    <i>
                        their
                    </i>
                    own SSL connections intercepted at all!
                </b>
                It's only the lowly and less trusted peons who need to be spied upon.
                <p>
                </p>
                <p>
                    So, theoretically, specific web sites like this one could be excluded from SSL-interception, decryption and logging. Therefore, if THIS SSL Fingerprinting facility at GRC were to become popular, SSL-interception Proxies
                    <b>
                        could
                    </b>
                    make an exception and deliberately
                    <b>
                        not
                    </b>
                    intercept your browser's connections to GRC. Then the GRC fingerprints would match, and visitors would be lead to falsely believe that NO OTHER connections were being intercepted.
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td class="nice_red_box" style="color:#800;">
                                    <center>
                                        IF WE
                                        <b>
                                            EVER
                                        </b>
                                        LEARN THAT THIS IS BEING DONE
                                        <br>
                                        WE WILL
                                        <b>
                                            IMMEDIATELY
                                        </b>
                                        UPDATE THIS PAGE.
                                    </center>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    But that's why this page obtains the fingerprints for
                    <b>
                        many
                    </b>
                    of the top web sites on the Internet
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    they would
                    <b>
                        all
                    </b>
                    need to be bypassed for
                    <b>
                        your
                    </b>
                    web browser to obtain the same fingerprint for them as GRC
                    <b>
                        &nbsp;.&nbsp;.&nbsp;.&nbsp;
                    </b>
                    which seems unlikely to be done. And that's also why we added the &ldquo;Custom Site Fingerprinting&rdquo; feature: Only
                    <b>
                        you
                    </b>
                    know which domains you want to verify are NOT being intercepted.
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    VERY unlikely, but needs to be mentioned . . .
                </div>
                Once SSL Interception is occurring, the page CONTENT being delivered over SSL can no longer be absolutely trusted. Since the pages are already being decrypted and scanned for content, nothing prevents them from also being altered. What that means is, though it is incredibly unlikely, an SSL-intercepting Proxy Appliance
                <b>
                    could theoretically alter THIS page
                </b>
                on the fly, before your web browser receives it. Such an alteration could replace the authentic fingerprints the GRC server has received and forwarded to your web browser with fraudulent fingerprints for the sites being tested. (But there's a solution to that as well.)
                <p>
                </p>
                <center>
                    <table>
                        <tbody>
                            <tr>
                                <td class="nice_red_box" style="color:#800;">
                                    <center>
                                        IF WE
                                        <b>
                                            EVER
                                        </b>
                                        LEARN THAT THIS IS BEING DONE
                                        <br>
                                        WE WILL
                                        <b>
                                            IMMEDIATELY
                                        </b>
                                        UPDATE THIS PAGE.
                                    </center>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                </center>
                <p>
                    And remember that since GRC is 100% secured using Extended Validation (
                    <b style="color:#080">
                        EV
                    </b>
                    ) certificates, if you are viewing this site through a browser such as Firefox or Chrome, which properly validates
                    <b style="color:#080">
                        EV
                    </b>
                    certificates, and if you are seeing the special green
                    <b style="color:#080">
                        EV
                    </b>
                    display in your browser's address bar for this page, then the connection can not possibly have been intercepted and altered. (
                    <a href="/ssl/ev.htm">
                        See this page
                    </a>
                    for a full discussion of the special anti-spoofing power of extended validation certificates.)
                </p>
                <p>
                </p>
                <div class="larger_red_arial" style="margin-bottom:0.2em;">
                    But there's a solution to THAT as well!
                </div>
                All you need to do is go home (or anywhere that's unlikely to have SSL interception in place) then bring up and print just the first page of this GRC Fingerprints page. Now you'll have a handy hardcopy showing the
                <b>
                    authentic fingerprints
                </b>
                of those top popularity web sites shown at the top when this page is first presented. Bring the printout back to where you're wondering about SSL interception and filtering. Bring up a few of those sites and compare their fingerprints to the handy printout. If they match, you know absolutely that they are
                <b>
                    NOT
                </b>
                being filtered. And if they don't match
                <b>
                    &nbsp;.&nbsp;.&nbsp;.&nbsp;
                </b>
                something fishy may well be going on.
                <p>
                </p>
                <div class="blue_section_heading">
                    Additional Resources:
                </div>
                <ul>
                    <li>
                        <a href="/utility/fingerprints_feedback.htm">
                            <b>
                                Send us any feedback
                            </b>
                        </a>
                        , questions, thoughts, ideas, etc., about this HTTPS connection fingerprinting page.
                    </li>
                    <li>
                        Michael Horowitz's
                        <a href="http://blogs.computerworld.com/cybercrime-and-hacking/22050/steve-gibsons-fingerprint-service-detects-ssl-man-middle-spying">
                            <b>
                                &ldquo;Defensive Computing&rdquo; blog at ComputerWorld
                            </b>
                        </a>
                        has a terrific and even more extensive explanation of this issue. If you're interested in reading more about this, check it out!
                    </li>
                    <li>
                        <b>
                            Direct Domain Access:
                        </b>
                        Webmasters who wish to place links on their own sites to allow their visitors to be assured of their connection's privacy, may simply append the string &ldquo;?domain=domain.name&rdquo; to the end of this page's URL. So, for example, to directly display the certificate fingerprint for &ldquo;www.pbs.org&rdquo;, the URL would be:
                        <span class="font7px">
                            <br>
                            <br>
                        </span>
                        <center>
                            <a href="https://www.grc.com/fingerprints.htm?domain=www.pbs.org">
                                <span style="font-size:larger;">
                                    https://www.grc.com/fingerprints.htm?domain=www.pbs.org
                                </span>
                            </a>
                            <br>
                            <span style="color:#000; font-size:smaller;">
                                <i>
                                    (click it and see)
                                </i>
                            </span>
                        </center>
                    </li>
                    <li>
                        <a href="http://www.wired.com/threatlevel/2010/03/packet-forensics/">
                            <b>
                                A WIRED Magazine article
                            </b>
                        </a>
                        discussing a device made by &ldquo;Packet Forensics&rdquo; for perpetrating exactly this sort of secretive connection interception.
                    </li>
                    <li>
                        <a href="/miscfiles/HTTPS_Interception_Proxies.pdf">
                            A comprehensive White Paper
                        </a>
                        (1.27 mb PDF) which accompanied Jeff Jarmoc's presentation at the Black Hat Europe, March 14, 2012, conference. Jeff's presentation and paper were titled: SSL/TLS Interception Proxies and Transitive Trust.
                    </li>
                    <li>
                        <a href="http://www.miguelms.com/httpsint.htm">
                            A Spanish language explanation of these ideas
                        </a>
                        : Miguel Mollejo, a valued contributor to
                        <a href="/discussions.htm">
                            GRC's public newsgroups
                        </a>
                        , has thoughtfully produced a Spanish language explanation of these ideas.
                    </li>
                </ul>
                <br>
            </div>
            <!-- CLOSE THE PAGE CONTAINER DIV -->
            <script "type="text/javascsript" language="javascript">
                document.getElementById('domainname').focus();
                window.scroll(0, 0);
            </script>
            <br>
            <table border="0" cellpadding="0" cellspacing="0">
                <tbody>
                    <tr>
                        <td>
                            <a href="#top">
                                <img alt="Jump to top of page" border="0" height="51" src="https://www.grctech.com/_zjvpugn0pc0ji_/image/grc-icon.gif" title="Jump to top of page" width="51">
                            </a>
                        </td>
                        <td>
                            <div style="margin:0 20px;">
                                <font color="#777777" size="-2">
                                    Gibson Research Corporation is owned and operated by Steve Gibson.&nbsp;&nbsp;The contents
                                    <br>
                                    of this page are Copyright (c) 2020 Gibson Research Corporation. SpinRite, ShieldsUP,
                                    <br>
                                    NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
                                    <br>
                                    Research Corporation, Laguna Hills, CA, USA. GRC's web and customer
                                    <a href="https://www.grc.com/privacy.htm" target="_top">
                                        privacy policy
                                    </a>
                                    .
                                </font>
                            </div>
                        </td>
                        <td>
                            <a href="#top">
                                <img alt="Jump to top of page" border="0" height="38" src="https://www.grctech.com/_zjvpugn0pc0ji_/image/jumptotop.png" title="Jump to top of page" width="52">
                            </a>
                        </td>
                    </tr>
                </tbody>
            </table>
            <br>
        </center>
    </body>
</html>

Latest requests

# Url Url Source Date
1 https://www.grc.com/fingerprints.h… 2024-03-28 09:24:20
2 https://thebolditalic.com/?gi=16e2… 2024-03-28 09:24:14
3 https://thebolditalic.com/?gi=86f0… 2024-03-28 09:24:13
4 https://thebolditalic.com/?gi=67c2… 2024-03-28 09:24:12
5 https://thebolditalic.com/?gi=b7e6… 2024-03-28 09:24:06
6 https://thebolditalic.com/?gi=1000… 2024-03-28 09:23:59
7 https://careerhumor.net/ 2024-03-28 09:23:55
8 https://thebolditalic.com/?gi=b943… 2024-03-28 09:23:54
9 https://thebolditalic.com/?gi=bf93… 2024-03-28 09:23:50
10 https://thebolditalic.com/?gi=4d8c… 2024-03-28 09:23:46
11 https://thebolditalic.com/?gi=3326… 2024-03-28 09:23:45
12 https://thebolditalic.com/?gi=64c3… 2024-03-28 09:23:42
13 https://thebolditalic.com/?gi=932a… 2024-03-28 09:23:38
14 https://thebolditalic.com/?gi=009e… 2024-03-28 09:23:34
15 https://thebolditalic.com/?gi=3577… 2024-03-28 09:23:30
16 https://thebolditalic.com/?gi=1860… 2024-03-28 09:23:27
17 https://thebolditalic.com/?gi=7164… 2024-03-28 09:23:22
18 https://thebolditalic.com/?gi=139e… 2024-03-28 09:23:20
19 https://thebolditalic.com/?gi=ad14… 2024-03-28 09:23:18
20 https://thebolditalic.com/?gi=1f3b… 2024-03-28 09:23:15