The exploitation of flaws in the HTTPS protocol

The HTTPS protocol is a vital tool in safeguarding the security of our personal and business lives. This protocol ensures that important data such as financial information, intellectual property and login credentials are encrypted and integrity protected as they travel across the internet. Ultimately this means a malicious observer is unable to obtain, view, use or sell this important data. To both technical and non-technical users, the presence of “HTTPS” at the start of the website URL will provide enough confidence to consider entering sensitive information such as bank or credit card details. However, in this article we will explain how even websites owned by the most reputable organisations may be exposed to a 20-year-old attack – originally known as the “Million Message Attack” due to Daniel Bleichenbacher – if HTTPS is not properly implemented. Around 33% of internet servers were found to be vulnerable to this attack in 2016, and both Facebook and PayPal remained vulnerable in 2017. Furthermore, related weaknesses in HTTPS implementations are still regularly being discovered. As a result, a secure TLS implementation is imperative for all organisations looking to maintain their business reputations and sensitive intellectual property.

Vendor:: TechTarget ComputerWeekly.com
Posted:: Feb 8, 2021
Published:: Apr 16, 2019
Format:: PDF
Type:: Research Content

Already a Bitpipe member? Log in here

Download this Research Content!

Corporate Email Address:
You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

Please provide a Corporate Email Address.

This email address is already registered. Please log in.
First Name:
You forgot to provide your first name.
Last Name:
You forgot to provide your last name.
Company Name:
You forgot to provide a company name.
Job Title:
You forgot to provide a job title.
Seniority:
You forgot to select your seniority.
Job Function:
You forgot to select your job function.
# of employees:
You did not select the number of employees at your company.
Industry:
You did not select which industry you are in.
Sub-Industry:
You did not select which industry you are in.
Address 1:
You did not provide a full local address.
Address 2:
City/Town:
You did not provide a full local address.
Country:
You did not select the country you are from.
State/Province:

You did not provide a full local address.
Zip/Postal Code:
You did not provide a full local address.
Phone:
You forgot to provide a phone number.

This phone number format is not recognized. Please check the country and number.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.