Heartbleed
Heartbleed is the name of a vulnerability in the OpenSSL cryptographic library which at the time of disclosure affected around 17% of SSL web servers using certificates issued by trusted certificate authorities. The vulnerability has the potential to allow attackers to retrieve private keys and ultimately decrypt the server’s encrypted traffic or even impersonate the server. The cause was a missing bound check in the handling of the TLS heartbeat Extension which can allow remote attackers to view up to 64 kilobytes of memory on an affected server.
When you visit a web site which uses SSL, the Netcraft Extension will detect if the site offered the heartbeat TLS Extension prior to the Heartbleed disclosure using data from the Netcraft SSL Survey. If this is the case the Extension will also check to see if the SSL certificate has been reissued, if it has not then the site is unsafe as the certificate’s private key may have been compromised prior to the fix. Even if the certificate has been reissued it does not guarantee the site cannot be impersonated using the old certificate unless it has been revoked. The Extension will indicate when a site is unsafe by displaying a bleeding-heart icon, which on mouseover displays an explanatory tooltip. Additionally, if the server is affected by Heartbleed or does not support Perfect Forward Secrecy, a warning triangle will be displayed on top of the Netcraft icon.
IP Geolocation
We use multilateration to independently determine the location of a server. Multiple servers will ping the IP address and record the round-trip time. There is a limit on the distance light can travel through optical fibre cables in this time, which constrains the possible distance from the server performing the ping. Combining the constraints from multiple servers provides an area that the IP address is truly located within.
RIPE Atlas is one of the sources used to calculate our geolocation data. RIPE Atlas is a dynamic, global network of thousands of probes that have been measuring Internet connectivity and reachability in near real time since 2010. Anyone can directly access the data collected by RIPE Atlas, as well as Internet maps, graphs, tools, and analyses based on the aggregated results, at https://atlas.ripe.net. RIPE Atlas was developed and is operated by the RIPE NCC, along with the help of thousands of volunteers. The RIPE NCC is one of five Regional Internet Registries (RIRs) that support the global operation of the Internet.
Perfect Forward Secrecy
Perfect Forward Secrecy (PFS) is a property of an SSL connection which ensures that previously recorded encrypted traffic cannot be easily decrypted if the SSL private key later becomes available for example, because of a court order, social engineering, an attack against the website or cryptanalysis.
When you visit a web site which uses SSL, the Extension will detect if it is likely that your web browser has negotiated an SSL cipher suite which supports PFS. It will display a green tick if so, and a red cross if not. Additionally, if the connection does not support PFS or is affected by Heartbleed, a warning triangle will be displayed on top of the Netcraft icon.
Risk Rating
The Risk Rating displayed by the Netcraft Extension offers a further level of protection against new sites that are not yet in Netcraft’s database. A lower risk rating is better as it indicates lower risk.
Although some sites contain entirely benign content, the Netcraft Extension may assign a high Risk Rating because it could be hosted under a newly registered domain, the site may have never been seen in the Netcraft Web Server Survey before, or the network hosting the site may have hosted a number of fraud sites in the past.
Many other factors are also considered. Hosting a web site on an unusual port number will also increase the Risk Rating, as will hosting a site from a raw IP address, as many phishing sites employ this tactic. The Risk Rating can be calculated fast enough to be performed for arbitrary sites as people visit them and does not rely on manual categorization.