LAS VEGAS—Researcher Omer Gil has devised a way to trick a web server into caching pages and exposing personal data.
The so-called web caching attack targets sites that use content delivery network (CDN) services such as Akamai and Cloudflare. These services act as traffic load balancers and reverse proxies, and store files that are frequently retrieved in order to reduce latency from a web server.
Gil, an information security team leader at EY Advanced Security Center, will present research tomorrow at Black Hat, that shows how adversaries can abuse these services and expose sensitive information of authenticated users and even take control of their accounts.
Powered by WPeMatico