"NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks"

The National Security Agency (NSA) recently issued guidance regarding risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attack (ALPACA) techniques. The new guidance calls on network administrators to make sure that the use of wildcard certificates does not create risks and that enterprise environments are not open to ALPACA attacks, which are described as application layer protocol content confusion attacks. Wildcard certificates help simplify the management of an organization's credentials. They are typically used to authenticate multiple servers, but using them to validate unrelated servers across an organization poses a risk. Through the use of ALPACA techniques, threat actors could perform arbitrary actions and access sensitive data. This article continues to discuss the guidance issued by the NSA on avoiding the dangers of wildcard TLS certificates and ALPACA techniques. 

Security Week reports "NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks"