{"id":123604,"date":"2021-06-09T13:23:09","date_gmt":"2021-06-09T20:23:09","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/06\/hackers-can-mess-with-https-connections"},"modified":"2021-06-09T13:23:09","modified_gmt":"2021-06-09T20:23:09","slug":"hackers-can-mess-with-https-connections","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/06\/hackers-can-mess-with-https-connections","title":{"rendered":"Hackers can mess with HTTPS connections"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-can-mess-with-https-connections2.jpg\"><\/a><\/p>\n<p>Typically abbreviated as TLS, Transport Layer Security uses strong encryption to prove that an end user is connected to an authentic server belonging to a specific service (such as Google or Bank of America) and not an impostor masquerading as that service. TLS also encrypts data as it travels between an end user and a server to ensure that people who can monitor the connection can\u2019t read or tamper with the contents. With millions of servers relying on it, TLS is a cornerstone of online security.<\/p>\n<p>In a <a href=\"https:\/\/alpaca-attack.com\/\">research paper<\/a> published on Wednesday, Brinkmann and seven other researchers investigated the feasibility of using what they call cross-protocol attacks to bypass TLS protections. 
The technique involves a man-in-the-middle (MitM) attacker redirecting cross-origin HTTP requests to servers that communicate over SMTP, IMAP, POP3, FTP, or another communication protocol.<\/p>\n<p>The main components of the attack are the client application used by the targeted end user, denoted as C; the server the target intended to visit, denoted as S<sub>int<\/sub>; and the substitute server, a machine that connects using SMTP, FTP, or another protocol that\u2019s different from the one S<sub>int<\/sub> uses but that has the same domain listed in its TLS certificate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Typically abbreviated as TLS, Transport Layer Security uses strong encryption to prove that an end user is connected to an authentic server belonging to a specific service (such as Google or Bank of America) and not an impostor masquerading as that service. TLS also encrypts data as it travels between an end user and a [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1625,1492],"tags":[],"class_list":["post-123604","post","type-post","status-publish","format-standard","hentry","category-encryption","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/123604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=123604"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/123604\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=123604"}],"wp:ter
m":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=123604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=123604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}