Reply to post: Encrypt, Encrypt, Encrypt, Encrypt...

Half of Q1's malware traffic observed by Sophos was TLS encrypted, hiding inside legit requests to legit services

vogon00

Encrypt, Encrypt, Encrypt, Encrypt...

...seems to be the current industry mantra, which is a good thing and a bad thing.

On one hand, I like encryption as it means there is less chance of 'leaking' stuff you really should keep secure (Banking, authentication details, loads of stuff). This is the main benefit for us 'end users', let alone the non-cognoscenti 'Joe Public' who don't know enough to be concerned.

On the other, encryption can be a PITA even at small scale and like all 'security' stuff it can get in the way a bit. My main objection is that people like me can no longer peer into the data stream and figure out how something works and/or what has gone wrong. When encryption wasn't as ubiquitous as it is now, malware was easier to spot as it tried to obfuscate/encrypt what it was doing...which was a 'red flag' back in the day. Now, it's just more encrypted unobservable traffic... Personally, I miss the ability to 'reverse engineer' AKA learn-by-example using Wireshark :-)

Encryption benefits you and the owner of the endpoint you are talking to - and that's it. e.g. only Microsoft/Google/Amazon/Other infrastructure vendors get to see and use the juicy personal data you provide them with, as they have access to the decrypted 'raw' stuff (Unless they sell it on, of course). I'm half tempted to go a bit further and say it only benefits them, not you, as it gives them a 'protected' revenue stream!

Mine is the one with only port 80 in the pocket :-)
