
HTTP/2 more at risk to cyber attacks?

With this new internet framework - HTTP/2 - new, unpredictable types of cyber attack will reveal themselves.

HTTP/2 is a new version and a major revision of the HTTP protocol that serves as one of the main building blocks of the World Wide Web.

The methods, status codes and overall protocol of HTTP will remain within HTTP/2.

The change, the shift from HTTP to HTTP/2, will center on performance, notably network and server resource usage.

Basically it will be faster. A main goal is to allow the use of a single connection from browsers to a Web site.

But faster does not mean safer, and in this case HTTP/2 has been found to be vulnerable to four high-profile attack vectors.


Imperva Defense Center – IDC – identified these four high-profile vulnerabilities.

These findings will be released in a report – Hacker Intelligence Initiative (HII) Report: “Hacking HTTP/2 – New Attacks on the Internet’s Next-generation Foundation” – tomorrow.

The four high-profile attack vectors identified are:

Slow Read – The attack calls on a malicious client to read responses very slowly and is strikingly identical to the well-known Slowloris DDoS attack experienced by major credit card processors in 2010.

HPACK Bomb – This compression-layer attack resembles a zip bomb attack where the attacker crafts small and seemingly innocent messages, which turn into gigabytes of data on the server side, consuming all its memory resources and making it unavailable.

Dependency Cycle Attack – The attack takes advantage of the flow control mechanisms that HTTP/2 introduced for network optimization. The malicious client crafts requests that induce a dependency cycle, which forces the server into an infinite loop when trying to process these dependencies.

Stream Multiplexing Abuse – The attacker uses flaws in the way servers implement the stream multiplexing functionality to crash the server, which ultimately results in a denial of service to legitimate users.
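A defensive sketch for the Dependency Cycle item above, added here as an example and not taken from the article or the Imperva report: a server-side priority tree that applies the RFC 7540 rules (a stream cannot depend on itself, and a stream made dependent on its own descendant causes that descendant to be moved first), so no cycle can form. The class and method names are hypothetical, and weights and the exclusive flag are left out.

```python
class PriorityTree:
    """Minimal model of HTTP/2 stream dependencies; stream 0 is the root."""

    def __init__(self):
        self.parent = {0: None}  # stream id -> parent stream id

    def _is_descendant(self, node, ancestor):
        # Walk upward from node. The walk is bounded by the tree size, so
        # even a corrupted tree cannot trap the server in an endless loop.
        for _ in range(len(self.parent)):
            node = self.parent.get(node)
            if node is None:
                return False
            if node == ancestor:
                return True
        raise RuntimeError("dependency tree is corrupt (cycle found)")

    def reprioritize(self, stream, new_parent):
        """Apply a dependency update without ever creating a cycle."""
        if stream == 0:
            raise ValueError("PROTOCOL_ERROR: stream 0 cannot be reprioritized")
        if stream == new_parent:
            # RFC 7540 section 5.3.1: a stream cannot depend on itself.
            raise ValueError("PROTOCOL_ERROR: stream depends on itself")
        # A parent not seen before is placed under the root.
        self.parent.setdefault(new_parent, 0)
        old_parent = self.parent.get(stream, 0)
        if stream in self.parent and self._is_descendant(new_parent, stream):
            # RFC 7540 section 5.3.3: the new parent currently hangs below
            # this stream, so first move it up to this stream's old parent.
            self.parent[new_parent] = old_parent
        self.parent[stream] = new_parent

    def path_to_root(self, stream):
        """Return the chain stream -> ... -> 0, failing loudly on a cycle."""
        path = [stream]
        while self.parent[path[-1]] is not None:
            path.append(self.parent[path[-1]])
            if len(path) > len(self.parent):
                raise RuntimeError("dependency tree is corrupt (cycle found)")
        return path


if __name__ == "__main__":
    tree = PriorityTree()
    # Constructed sample updates: 1 <- 3 <- 5, then 1 is made to depend on 5.
    for stream, dep in [(1, 0), (3, 1), (5, 3), (1, 5)]:
        tree.reprioritize(stream, dep)
    print(tree.path_to_root(3))
```

A naive update that only set `parent[1] = 5` in the last step would leave streams 1, 5 and 3 pointing at each other, and any unbounded walk over the tree would never terminate.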


There is no doubt cyber attacks are on the rise, posing a very real threat to businesses, who must adapt.

With this new internet framework – HTTP/2 – new, unpredictable types of cyber attack will reveal themselves.
