The protocol HTTPS (HyperText Transfer Protocol over Secure Socket Layer) ensures a significantly higher level of security than traditional HTTP which does not provide for the encryption of information exchanged between Web browsers and Web servers. But what happens when an attacker manages to find a way to bypass HTTPS?
According to the researchers of Kaspersky this risk would not only be theoretical and any Russian black hat hacker would have found a system by which to monitor Google's browsing activities Chrome and Mozilla Firefox even when they take place through (hypothetically) "secure" connections. All this would be possible thanks to the installation of patches for the update.
In essence, the fact that these patches involve changes to target applications, alterations through which an attacker would be able to impersonate the potential victim would be exploited. To avoid a danger of this kind the only possible solution could be, at the moment, that of an ex novo browser installation.
In its own way the described dynamics confirms that a system through which to compromise the encryption carried out under HTTPS would not yet be available, in the specific case in fact more than a modality with which to steal information of others one should speak of a tool for remote control. The purpose of an attack could therefore be more political than economic.
Currently the only episodes attributable to the violation system revealed by Kaspersky would have occurred in Russia and in Biellorussia, the suspicion (for now not supported by any confirmation) is that behind them there is an activity of cyberspionaggio more or less extensive whose principals could be of governmental origin.