[SSL Observatory] Availability of latest DB dumps of the observatory

Sebastián Ramírez Magrí sebasmagri at riseup.net
Mon May 5 05:02:49 PDT 2014 

On 05/05 12:18, teus wrote:
> This type (HTTPS scan for a particular collection of websites) looks
> like an investigation I did in 2010 with a followup in 2011 (to see if
> the publication has had some influence and it had in some way):
> This investigation was done before the observatory was started. So I
> used SSLlabs (Ivan Ristic) at that time young website to do the actual
> scan (and got a bit more detailed info that way).
> 
> The scan was done on a (semi random) set of https websites in one
> country devided in categories (banks, government, local government, semi
> government, education, trade websites, security firms). The SSLlabs scan
> report was put in an MySQL database so from that database reports could
> be generated.
> From the websites contact info if provided was maintained so automatic
> feedback to the website owner the scan report was sent for notice and
> reaction requests (I needed that to be able to publication it).
> You can get the scripts if you want to. You need to update the scripts
> (from 2011) due to newer discoveries as e.g. heartbleet. You need to
> collect the set of websites and category division by hand however.
> 
> And ... yes this is a lot of work ....
> 
> Is this some help to you?
> 
> teus
> Sebastián Ramírez Magrí schreef op 05-05-14 02:38:
> > Hi folks!
> >
> > In the first place I'd like to thank you guys for your awesome work.
> >
> > In the second place, I'm interested on setting up an index of
> > public/government websites in my country and it's status regarding user's data
> > protection, starting with HSTS/HTTPS status.
> >
> > I'd like to reuse as much as I can, and I believe the SSL Observatory data
> > would be useful for this.
> >
> > Am I right? any hints on this?
> >
> > I've seen tha latest dump linked in the website is from 2010. Is there a way
> > to get a fresher dump?
> >
> > Best Regards,
> >
> 

Hi Teus,

Yes, of course it could help.

Right now we're building an index of the sites that will be periodically scanned
so any input will be useful when I start implementing tests or looking at the
available data. We also considered the automated contact form/email
submissions to the maintainers or owners of the websites, for that I'm
thinking on the opencongress tool.

Can you hand me your scripts?

Best Regards,

-- 
Sebastián Ramírez Magrí
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/observatory/attachments/20140505/980901f4/attachment.sig>

More information about the Observatory mailing list