Performing & Preventing SSL Stripping: A Plain-English Primer
A blog post discusses the KRACK attack, which exploits a vulnerability in the WPA2 encryption protocol used by modern Wi-Fi networks and allows traffic to be intercepted. It highlights the importance of HTTPS for secure internet connections and explains how HTTPS works with standards such as SSL and TLS. The post also covers HTTP Strict Transport Security (HSTS), which enforces HTTPS usage, and HSTS preload lists, which hardcode a list of websites that must be connected to over HTTPS only. Despite these measures, potential attack vectors remain within HTTPS specifications and ciphers. The author recommends implementing technologies like HSTS and submitting sites to preload lists to improve internet security.
Company: Cloudflare
Date published: Oct. 20, 2017
Author(s): Junade Ali
Word count: 2133
Hacker News points: None found.
Language: English