HTTPS Vulnerability

written by: Steve Mallard • edited by: Ronda Bowen • updated: 7/4/2011

Everyone, including myself, used to think that https:// (the secure form of the hypertext transfer protocol) was secure. This may not be the case anymore. With different tools, a malicious user can exploit vulnerabilities in HTTPS.

    HTTPS Isn't as Secure as You Think

    Everyone, including myself, used to think that https:// (the secure form of the hypertext transfer protocol) was secure. This connection, called Secure Sockets Layer (SSL), is the way your computer uses port 443 to send encrypted data between you and the individual site. With the exchange of a valid certificate, the SSL layer of HTTPS secures data from one point to another. At Defcon in 2008, a tool to steal HTTPS cookies was demonstrated in a presentation announcing its release. This tool creates a huge risk for users of email, banks and other secure websites. Each HTTPS site normally requires a 'cookie' to be placed on your computer so that the session can be monitored. Interception of this cookie gives hackers a way to use the cached information to gain access to your secure data.

    Why does this matter? Confidential data about an individual or their accounts could be compromised in transmission by the steps below. This summary of how it takes place is excerpted from a PDF file available on the web. A fully automated pylorcon tool for cookie gathering:

      1. caches DNS responses;
      2. listens for 443 connections;
      3. uses the cache to map the IP to a domain name;
      4. stores IP+host in an injection queue;
      5. the next time the IP connects to any website, injects <img src="http://yourstuffaddress">;
      6. gathers any resulting cookies and writes a cookies.txt file for use in Firefox.

    Protecting from Identity and Data Theft

    So how do you protect yourself from this 'cookie theft'? Always use the 'Log out' button if available. Clear cookies and history often in Internet Explorer, Firefox, Opera or whatever browser you use. With cookies being the cheap way out, it will be interesting to see how online banking and other institutions change their practices. Data theft is on the rise, as you can see from the CSI/FBI's survey. How many incidents go unreported or are not even known? I have reviewed logs from many Apache and IIS servers only to find 'hits' from foreign countries. With identity theft on the rise, this exploit could compromise many secure websites and create a snowball effect on crimes committed on the internet.
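
The injected http:// image request described above only yields a cookie that the site set without the Secure attribute, because a browser never attaches a Secure cookie to a plain-HTTP request. The Python check below is an added example, not part of the original article; it audits constructed sample Set-Cookie values for that attribute and for persistence, and the cookie names and finding codes are assumptions.

```python
# Added example, not from the original article. Header values are constructed;
# the finding codes ("sent-over-http", "persistent") are illustrative names.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_set_cookie(value):
    """Return (cookie name, finding codes) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    # Without Secure, the browser attaches the cookie to http:// requests too,
    # so a plain-HTTP image request to the same host carries it in cleartext.
    if "secure" not in attrs:
        findings.append("sent-over-http")
    # Expires / Max-Age keep the cookie on disk after the browser closes,
    # so it stays usable until the user logs out or clears cookies.
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")
    return name, findings


def audit_response(set_cookie_values):
    """Map cookie name -> findings for all Set-Cookie values of one response."""
    return dict(audit_set_cookie(v) for v in set_cookie_values)


# Constructed Set-Cookie values, as an HTTPS login response might return them.
SAMPLE = [
    "SESSIONID=abc123; Path=/",
    "auth=xyz789; Path=/; Secure; HttpOnly",
    "remember=1; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE).items():
        print(name, findings or "ok")
```

A site owner can feed this the Set-Cookie values from a login response; any session cookie reported as sent-over-http is one the image request would expose.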