SSL Attacks — When Hackers Use Security Against You

by Frank Yue

In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.

In today’s Internet Age, malicious hackers are using standard encryption standards that businesses implement to secure their communications. They are sending attacks inside the security protocols that are designed to protect the application.

Secrecy is a two-way street

Organizations use secure sockets layer (SSL) and transport layer security (TLS) to encrypt their internet communications. The encryption protocols are utilized to ensure privacy and ensure data integrity. Unfortunately, the encryption protocols secure all application data, whether it is legitimate or malicious.

Hackers are using the SSL/TLS protocols as a tool to obfuscate their attack payloads. A security device may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, the attack will go through unless it has been decrypted first for inspection.

Read more: