
Performing & Preventing SSL Stripping: A Plain-English Primer

What's this blog post about?

This blog post discusses the KRACK attack, which exploits a vulnerability in the WPA2 encryption protocol used by modern Wi-Fi networks and allows traffic to be intercepted. It highlights the importance of HTTPS for secure internet connections and explains how HTTPS works with standards such as SSL and TLS. The post also covers HTTP Strict Transport Security (HSTS), which enforces HTTPS usage, and HSTS preload lists, which hardcode a list of websites that must be connected to over HTTPS only. Despite these measures, there are still potential attack vectors within HTTPS specifications and ciphers. The author recommends implementing technologies like HSTS and submitting sites to preload lists for improved internet security.

Company
Cloudflare

Date published
Oct. 20, 2017

Author(s)
Junade Ali

Word count
2133

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.