This article has been indexed from CSO Online
What is the ALPACA attack?
The application layer protocol content confusion attack (ALPACA) was first disclosed in June and presented at Black Hat USA 2021. To understand ALPACA, it’s helpful to understand how TLS works: The protocol is designed to protect data in transit during a transaction, but it does not bind TCP connections to the intended application layer protocol—whether that’s HTTP, SMTP, or any of the many other protocols often secured with TLS. In practice, this means that while TLS secures the data as it’s transported and verifies the server name it’s connecting to, it doesn’t check the application the data is being sent to or even the validity of that data.
Read the original article: BrandPost: Wildcard Certificate Risks and the ALPACA TLS Attack