An update to the Netcraft Anti-Phishing Extension for Mozilla Firefox is now available. This release replaces the Toolbar interface with a modern Button interface to sit alongside the browser's address bar.

The upcoming Firefox 57 — to be released on the 14^th November — represents a major overhaul of the browser, and removes support for legacy XUL extensions. Future versions of Firefox will only support the new cross-browser WebExtensions API.

The Netcraft Anti-Phishing Extension (known then as the Netcraft Toolbar) was first made available for Internet Explorer in December 2004. A Firefox version followed in May 2005. The current button-style Anti-Phishing Extension was released for Google Chrome and the Opera browser in 2012 and 2013 respectively. The new extension enjoys a 4.5 star rating on the Google Chrome Store.

The Extension runs on any operating system supported by the desktop version of Mozilla Firefox and displays the hosting location, country, longevity, popularity, and an abstracted risk rating for each site visited. In particular its key features are:

• Protection against phishing sites — The Netcraft anti-phishing community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community. As soon as the first recipients of a phishing mail report it, we can block it for all users of the extension providing an additional level of protection from Phishing. Netcraft processes reports of fraudulent URLs from a diverse variety of sources and proactively searches for new fraudulent sites.
• Detailed site reports — simply click the Netcraft logo to access a wealth of information about the sites you visit, helping you to make informed choices about their safety.
• Risk Ratings — we evaluate the characteristics of the site compared against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report.
• Conveniently report suspected phishing & fraudulent sites — At the click of the button you can report suspected web forgeries to Netcraft, helping to protect the community. Netcraft operates an incentive scheme for Phishing site submissions, including iPads, backpacks, mugs, and more... Over 38.4 million phishing sites have been detected and blocked by Netcraft since the anti-phishing service was launched (November 2017).
• Protection against cross site scripting (XSS) — The extension optionally traps XSS and other suspicious URLs which contain characters highly likely to deceive.

The Extension is available for download from the Firefox add-ons page and requires no special administrator privileges to install. Users of the existing Netcraft Anti-Phishing Toolbar will be upgraded automatically to the latest version.

Versions of the Extension are available for other browsers on the Google Chrome Store and Opera add-ons page.

Customised versions with corporate branding and navigation are also available.

The SSL/TLS protocol — used to protect sensitive communication across the internet — combines encryption with authentication, providing a private connection to the intended recipient. To achieve this, SSL certificates bind together a cryptographic key and a domain name, and are digitally-signed by a trusted certificate authority (CA). Commercial CAs compete to sell certificates to the general public and account for the bulk of the SSL certificates seen on the internet.

Netcraft's SSL Server Survey has been running since 1996 and has tracked the evolution of this marketplace from its inception — there are now more than one thousand times more certificates on the web now than in 1996. As CAs issue certificates, and most charge (or not charge) accordingly, the number of certificates issued becomes the natural unit of measurement. Our survey therefore counts valid, trusted SSL certificates used on public-facing web servers, counting each certificate once, even if used on multiple websites.

Two types of certificates make the distinction between counting sites and certificates most apparent: multi-domain certificates and wildcard certificates. These two types now account for almost a quarter of all certificates found.

• Multi-domain certificates (or UCC certificates) use the Subject Alternative Name extension to specify additional hostnames for which this certificate is valid — CloudFlare uses this technique heavily, having dozens of unrelated sites share the same certificate.
• Wildcard certificates are valid for all possible subdomains of a domain, for example *.netcraft.com would be valid for www.netcraft.com, host-a.netcraft.com, host-b.netcraft.com, etc. Our methodology counts a wildcard certificate once, no matter the number of sites for which it is valid.

Netcraft also counts certificates used by subdomains. For example, if foo.example.com, bar.example.com and baz.example.com are all using different SSL certificates, Netcraft will count all three certificates that have been issued.

Although the global SSL ecosystem is competitive, it is dominated by a handful of major CAs — three certificate authorities (Symantec, Comodo and GoDaddy) account for three-quarters of all issued SSL certificates on public-facing web servers. The top spot has been held by Symantec (or VeriSign before it was purchased by Symantec) ever since the survey began, with it currently accounting for just under a third of all certificates. To illustrate the effect of differing methodologies, amongst the million busiest sites Symantec issued 44% of the valid, trusted certificates in use — significantly more than its overall market share.

However, nothing ever stays still forever — Let's Encrypt could shake up the market for SSL certificates later on this year by offering free certificates with a simplified installation process. Whilst free certificates and automated tools are nothing new, the open approach and the backing of Mozilla, IdenTrust, the EFF, and Akamai could change the SSL ecosystem forever.

Beyond counting certificate numbers, Netcraft's SSL Survey also tracks the list and reseller prices of the most popular certificate authorities. This provides another useful market share metric, as it allows us to estimate the total monthly and annual revenue of each certificate authority attributable to public SSL issuance.

As each type of certificate — multi-domain, wildcard, or Extended Validation for example — is available at a distinct price point, the estimated revenue of a CA can vary significantly, despite initially appearing similarly sized by the total number of certificates. For example, GlobalSign comes in third-place when considering its estimated annual revenue (by list price) in 2014, despite accounting for approximately 6% of all currently valid publicly-visible SSL certificates.

For additional information or details on how to purchase Netcraft’s SSL Server Survey please contact us at sales@netcraft.com or visit our web site.

The Netcraft Extension: Heartbleed and phishing protection rolled into one

The Heartbleed bug affected around 17% of all trusted SSL web servers when it was announced a week ago. The critical vulnerability in the OpenSSL cryptographic library has the potential to allow attackers to retrieve private keys and ultimately decrypt a server's encrypted traffic or even impersonate the server. This is not a theoretical problem: practical attacks have actually succeeded in stealing private keys, yet despite the potential dangers, many of the affected sites have yet to take remedial action.

Even if heartbeat support has been disabled, or OpenSSL upgraded to the latest version, a website that was previously vulnerable to Heartbleed is not necessarily secure today. If the vulnerability had been exploited prior to the upgrade, the certificate's private key could have been compromised. If the certificate has not yet been replaced and the old one revoked, an attacker could impersonate the site and carry out man-in-the-middle attacks against the site's visitors.

Netcraft's updated extensions for Chrome, Firefox and Opera now allow you to see whether the sites you visit are still using potentially compromised certificates. The extensions use data from Netcraft's SSL Survey to determine whether a site offered the heartbeat TLS Extension prior to the Heartbleed disclosure. If this is the case, the extension will also check to see if the site's SSL certificate has been replaced; if it has not, then the site is considered to be unsafe, as the certificate's private key could have been compromised. Even if the certificate has been replaced, it does not guarantee that the site cannot still be impersonated with a copy of the old certificate unless the old certificate has been revoked – and even then, the revocation checking done by browsers is not infallible.

Go here to download the Netcraft Extension for Chrome, Firefox or Opera.

The extension will indicate when a site is potentially unsafe by displaying a bleeding heart icon. Additionally, in the Google Chrome and Opera versions of the Extension, a warning triangle will be displayed on top of the Netcraft icon.

As well as indicating which sites are using a certificate potentially compromised using Heartbleed, the Netcraft Extension also helps protect you from phishing attacks, displays the hosting location and risk rating of every site you visit, and lets you help to defend the internet community against fraudsters.

Netcraft's site report pages can also be used to determine whether a website might still be affected by the fallout from the Heartbleed bug. For example, our site report for https://www.linkedin.com shows that it no longer supports the TLS heartbeat extension and is using a new certificate.

In contrast, the site report for https://www.fedex.com currently shows that the server previously supported TLS heartbeat and the SSL certificate has not been replaced. Even though TLS heartbeat is now disabled, the certificate could still be used to impersonate the site if it had been compromised prior to heartbeat being disabled. Fedex's website is hosted by Akamai, a popular Content Distribution Network, which was potentially vulnerable to Heartbleed. Akamai is in the process of rotating its customers' SSL certificates and stated that "some require extra validation with the certificate authorities and may take longer".

Heartbleed indicator in the Netcraft Site Report