NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

The National Security Agency (NSA) is warning organizations about the risks of using wildcard TLS certificates and about the new ALPACA TLS attack.

A wildcard certificate is a public key certificate that can be used to secure all first-level subdomains of a single domain name.

“On the surface, wildcard certificates appear to be a great way to quickly and easily deploy HTTPS quickly and easily across subdomains. You buy one certificate and you’re good to go for unlimited subdomains. Indeed, wildcard certificates are cheaper and easier to extend. But they are not necessarily easier to manage,” states the post published by Venafi.

A wildcard certificate lets administrators protect every subdomain with a single certificate. However, researchers warn that wildcard TLS certificates could be exploited by attackers to decrypt TLS-encrypted traffic.
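The scope rule described above, as an added example that is not taken from the NSA guidance or the Venafi post: a wildcard name covers exactly one leftmost label, so an inventory check can list which hosts end up sharing one wildcard certificate. The function names, hostnames and inventory are constructed for illustration.

```python
# Added example: which hosts does a wildcard certificate name cover?
# Matching follows the common rule that '*' stands for exactly one
# leftmost DNS label. Simplification (assumption): no public-suffix
# check beyond rejecting names like '*.com'.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly '*.domain') covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # different depth: apex or deeper subdomain
    if p[0] == "*":
        # wildcard replaces one label only; the rest must match exactly
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def shared_exposure(cert_names, hosts):
    """Map each wildcard name to the hosts that would share that one certificate."""
    result = {}
    for name in cert_names:
        if name.startswith("*."):
            result[name] = sorted(h for h in hosts if wildcard_covers(name, h))
    return result


# Constructed sample inventory (not real infrastructure).
SAMPLE_CERT_NAMES = ["*.example.com", "example.com"]
SAMPLE_HOSTS = [
    "www.example.com",
    "mail.example.com",
    "ftp.example.com",
    "api.dev.example.com",   # second-level subdomain: not covered
    "example.com",           # apex: not covered by the wildcard
]

if __name__ == "__main__":
    for name, covered in shared_exposure(SAMPLE_CERT_NAMES, SAMPLE_HOSTS).items():
        print(f"{name} is shared by {len(covered)} hosts: {', '.join(covered)}")
```

Every host listed under one wildcard name presents the same certificate, which makes the list a starting point for deciding where per-host certificates should replace it.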

