
Ask HN: How can one test if the connection to a site is secure and encrypted? - gymshoes
Assuming that the firmware on a router is infected or something like https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=18086418 and I want to know if I am connected to the proper website?<p>Also, can one check if keystrokes are being recorded?
======
db48x
You see that lock icon in your browser's url bar? If you see that, then you're
using an encrypted connection, and your browser was able to verify that the
site's SSL certificate is valid and is signed by at least one trusted
Certificate Authority. You can click on it to get more information about the
certificate, which CA or CAs its signed by, how long it'll be valid for, etc.

If the firmware on your router is replaced by a malicious program, then it
could intercept all SSL connections and handle them itself. However, it will
not be able to present a valid certificate, signed by a real Certificate
Authority. Thus the lock icon will show as broken, and you'll know that
something is wrong.

Note that in a corporate setting, it's not unheard of for an employer to add
itself as a trusted Certificate Authority on your work computer. This allows
them to intercept all encrypted SSL traffic and also have the lock icon not be
broken. Of course there's absolutely nothing wrong with this, because your
employer is perfectly trustworthy and would never betray you or spy on you.

