Sites that are still using MD5

Software

The SSL Blacklist add-on warning screen after loading a page
The SSL Blacklist add-on warning screen after loading a page

If you’re a Mozilla Firefox user and you haven’t installed the SSL Blacklist add-on from CodeFromThe70s.org yet, you should absolutely go there right now and click the sslblacklist-4.0.30.xpi link. By installing this plugin you can help protect yourself from suspect SSL root certificate authorities, as well as make sure the sites you’re visiting are no longer using the demonstratively flawed MD5 hash algorithm.

ASIDE: I’d argue this plugin along with NoScript are the two greatest arguments for using Firefox. No other browser with these plugins are a match. I feel naked, cold and scared using anything else now.

MD5 is still probably safe, but the fact it has been shown to have problems should alert people running websites to move over to an SHA hash instead. If you find such a site, you absolutely want to let their admins know about it.

So far I’ve installed SSL Blacklist on my dad’s, sister’s and my machines and we’ve been warned the following sites are using MD5:

If we find any more we’ll add them to the list. Feel free to post a comment with links too. Be careful though, my spam filters block anything with more than three links so you may need to space them out. Cheers.

Author bio and support

Me!

Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.