CompTIA Security+ Exam Notes

Let Us Help You Pass

Thursday, April 11, 2024

SSL Stripping Attack & Prevention

SSL Stripping - SSL/TLS Downgrade

Both names refer to the same attack: an on-path attacker intercepts the user's request and keeps the victim's side of the connection on plain HTTP while the attacker talks HTTPS to the real site, so the user never sees the padlock. Pay attention to the wording of the question. It may state that the user went to his financial organization's website, https://www.bank.com, but when you look at the logs the user actually reached http://www.bank.com.

HTTPS uses port 443 by default, whereas HTTP uses port 80. Traffic to a site that should be HTTPS showing up on port 80 is another hint that an SSL stripping (SSL/TLS downgrade) attack has taken place.
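The log check described above, written out as an added example (this is not code from the original post). The log format, the sample lines and the list of HTTPS-only hosts are all constructed for the example; both signals the text mentions, the http:// scheme and destination port 80, are checked independently so a request is flagged if either one is wrong.

```python
"""Flag possible SSL-stripping from proxy log lines (added example).

The log format below is constructed for this example and is not a real
proxy or web-server format. Each line is:
    timestamp client_ip method url destination_port
"""
import re
from urllib.parse import urlparse

# Hosts the organisation expects to be reached only over HTTPS (assumption).
HTTPS_ONLY_HOSTS = {"www.bank.com"}

# Constructed sample log lines for this example.
SAMPLE_LOG = """\
2024-04-11T09:12:01 10.0.0.5 GET https://www.bank.com/login 443
2024-04-11T09:12:07 10.0.0.5 GET http://www.bank.com/login 80
2024-04-11T09:13:15 10.0.0.9 GET http://www.example.com/news 80
2024-04-11T09:14:02 10.0.0.5 POST http://www.bank.com/transfer 80
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, port = m.groups()
    parsed = urlparse(url)
    return {
        "ts": ts,
        "client": client,
        "method": method,
        "scheme": parsed.scheme,
        "host": parsed.hostname,
        "path": parsed.path,
        "port": int(port),
    }


def is_downgraded(entry):
    """True when a request to an HTTPS-only host arrived as plain HTTP.

    Two independent signals are checked: the URL scheme recorded in the log
    and the destination port. Either one is enough to flag the request,
    because a stripped session shows http:// and port 80 where https:// and
    port 443 were expected.
    """
    if entry["host"] not in HTTPS_ONLY_HOSTS:
        return False
    return entry["scheme"] == "http" or entry["port"] == 80


def find_downgrades(log_text):
    """Return the parsed entries that look like SSL-stripped requests."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_downgraded(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_downgrades(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['method']} "
              f"{hit['scheme']}://{hit['host']}{hit['path']} port {hit['port']}")
```

Run against the sample, only the two plain-HTTP requests to www.bank.com are reported; the HTTPS request to the bank and the HTTP request to a site that is not on the HTTPS-only list are left alone. The POST over port 80 is the one to worry about, since that is where credentials or a transfer would have gone in the clear.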

The way to prevent these attacks has to be configured on the server:
  • HSTS (HTTP Strict Transport Security), delivered as the Strict-Transport-Security HTTP security header. Once a browser has seen this header on a valid HTTPS response, it refuses to load the site over plain HTTP for the max-age period and rewrites http:// links to https:// before the request leaves the browser, so there is nothing for the attacker to strip.
  • Caveat: the very first visit, before the browser has seen the header, is not protected unless the domain is on the browsers' HSTS preload list. The header is also ignored if it is received over plain HTTP.
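A small checker for the Strict-Transport-Security header, as an added example that is not part of the original post. It parses the header into its directives, reports the weaknesses a reviewer would look for, and treats a header received over plain HTTP as ineffective, which is how browsers handle it. The sample responses and the one-year max-age baseline are assumptions for the example, not a standard.

```python
"""Check a Strict-Transport-Security (HSTS) header value (added example).

The header strings below are constructed for this example; the max-age
baseline is an assumption, not a standard.
"""

# Assumed baseline: at least one year of max-age.
MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse an HSTS header value into its directives.

    Returns a dict with 'max_age' (int or None), 'include_subdomains' and
    'preload' (bools). Directive names are matched case-insensitively.
    """
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            raw = raw.strip().strip('"')
            if raw.isdigit():
                result["max_age"] = int(raw)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def evaluate_hsts(headers, delivered_over_https=True):
    """Return a list of findings for a response's headers (empty means OK).

    headers: dict of response header name -> value, looked up case-insensitively.
    A browser only honours HSTS received over HTTPS, so a header that arrives
    on a plain-HTTP response does nothing; that case is reported as a finding.
    """
    findings = []
    lookup = {k.lower(): v for k, v in headers.items()}
    value = lookup.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    if not delivered_over_https:
        findings.append("HSTS header sent over plain HTTP is ignored by browsers")
    policy = parse_hsts(value)
    if policy["max_age"] is None:
        findings.append("max-age directive missing or not a number")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 removes the policy instead of enforcing it")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append(
            f"max-age {policy['max_age']} below assumed baseline {MIN_MAX_AGE}")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing; subdomains can still be stripped")
    return findings


# Constructed sample responses for this example.
GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}
WEAK = {"strict-transport-security": "max-age=300"}
NONE = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("weak", WEAK), ("none", NONE)):
        print(name, evaluate_hsts(hdrs) or ["OK"])
```

The "good" response passes cleanly; the "weak" one is flagged for a five-minute max-age and for leaving subdomains uncovered; the response with no header at all is the case the question in this post is about.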
