Introduction

On the Internet, billions of electrons pass along thousands of miles of cable every day to and from destinations around the world and beyond. These electrons carry written messages, visual images, and sound between millions of computers connected to the World Wide Web. Many of the transmissions contain vital and confidential information that hackers can use for mischief and fraud if they gain access to it, and many do. How can they still get in, with so much technological progress in firewalls and intrusion detection software? The answer is two numbers: TCP ports 80 and 443.

HyperText Transfer Protocol (HTTP) and HTTP over SSL (HTTPS), which run over those ports, respectively, account for a growing number of cyber break-ins. Why? The reason is simple: People have fallen for the biggest scam going. The ruse is shamelessly perpetuated throughout the industry by software vendors and service providers alike. As they state confidently, "Purchase a good firewall and intrusion detection system (IDS) and your security problems will melt away." Anyone with a double-digit I.Q. should know that, no matter how many firewalls and IDSs you have, they will never prevent Web attacks.

Firewalls are useless against Web attacks. That's right. Firewalls are pebble speed bumps in the residential street of the Internet. Why? Because firewalls have to let Web traffic through them. As a result, HTTP/HTTPS leave an attacker almost immune from the effects of firewalls. HTTP is truly a hacker's delight. And whatever can be done over HTTP can usually be done over HTTPS in the encrypted stream of anonymity. In this chapter we discuss both protocols (HTTP and HTTPS), describe how they work, and suggest ways that attackers extend their boundaries.

 



Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
