HEIST, it’s the name of attack technique unveiled by security researchers at KU Leuven. It’s given a definition also – HTTP encrypted information can be stolen through TCP-Windows.
Let’s try to figure out.
Recently, Mathy Vanhoef and Tom Van Goethem, PhD researchers in KU Leuven took a short briefing on this subject. They explained how they could able to track vulnerabilities of some secure websites.
I’m interested in quoting some of the main points from this briefing.
The idea of HEIST comes from the background of the number of attacks against SSL/TLS over the last few years. Without the existence of an adversary that’s capable of manipulating network traffic, it wasn’t able to figure out vulnerabilities of these SSL/TLS channels that were attacked. Here’s where HEIST came. It could able to exploit flaws in network protocols without sniffing to network traffic.
How it Works?
Possible Ways to Avoid such a Situation
Tom Van Goethem also says, disabling third-party cookies in the browser is the only way to prevent attacks at least in the short term. And, it won’t be a heavy task. Most of the today’s browsers, it’ll be On by default. The internet browser used to access sensitive websites should be clean, lacking unwanted plugins or ad-ons. Other browsers can be set to receive cookies.
These type of studies have a great impact in indicating the vulnerabilities in network security. At least some internet browsing programs would become aware of these flaws, and some of them may bring security patches. Anyway, thanks to KU Leuven researchers for figuring out this vulnerability