Home » Breaking Computer security Cyber Security data security Latest Cybersecurity News Windows security

NSA warns of wildcard certificates and steps for protection

John Greenwood Posted On October 16, 2021
0


NSA Warning for Wildcard Certificates

The NSA has issued a warning against the usage of broadly-scoped certificates for multiple server authentication in any organization. A document was released last week with mitigation against the use of wildcard certificates as there is a new technique called ALPACA which could be used for traffic redirection attacks.

ALPACA the silent assassin  

The NSA is warning about the dangers that come with wildcard certificates that validate and allow secure connection to Transport Layer Security Protocol. Researchers have shown that the wildcard certificates can be exploited through an application layer protocol content confusion attack, which was later named as ALPACA – Application Layer Protocols Allowing Cross-Protocol Attack and facilitates cookie hijacking or cross-site scripting attacks.

Wildcard and multi-domain certificates differ from one another, the former is used for sub-domains within a domain, while the latter goes for multiple individual domain under the same IP address. With ALPACA attackers can perform phishing, MITM, watering hole and malvertising attacks on businesses.

To prevent such attacks the private key of the wildcard certificate has to be protected and should be kept in a secured server.

Protecting your wildcard certificates

Organizations should ensure these certificates are used in the appropriate times and their scope should be well studied before using one. The storage location of the private keys has to be periodically tested and ensured of high security. Employing a gateway or firewall is better for enhanced protection and safety.

DNS encryption with validation for DNS security extensions can avoid users to land in a different or malicious location. Finally enabling ALPN and keeping your browsers updated can reduce the chances of becoming a victim to ALPACA influenced attacks.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on FacebookLinkedinInstagramTwitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.

Share the article with your friends




Author

John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!

You may also like
Top 9 Best Log Management Tools for 2025
September 20, 2025
Top 4 Remote Support Tools for 2025- Best Remote Support Solution
September 18, 2025
Top 5 Best Unified Endpoint Management (UEM) Software for 2025
September 12, 2025
Leave A Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.