Last week we reported that secure connections via HTTPS are increasingly relied upon, which is to be welcomed from a security standpoint. Especially when sensitive data is being transmitted, the use of SSL/TLS should be standard. Today we found a report showing that the secure connection is not so safe yet. Sure, everything can be hacked, there's no question about that, but the HEIST method is a kind of attack that affiliates should pay attention to.
Behind the name HEIST (HTTP Encrypted Information can be Stolen through TCP-windows) lies a method of attacking SSL/TLS in the browser, which two security experts have now demonstrated. For the first time, the attacker no longer has to monitor the encrypted traffic in order to inflict damage. Rather, information about the encrypted data can be read out via JavaScript that is placed on a site. One possible scenario is that the attacker injects the JavaScript through ad networks. A lot of damage is possible, up to the takeover of a user's account.
Currently, most browsers still have no protective mechanism against these types of attacks, and according to experts it will take some time before there are solutions. Anyone who wants to be safe from attacks of this kind can only do so by rigorously rejecting third-party cookies. Unfortunately, this also means that many websites and services can then no longer be used.