3 stories
·
0 followers

BREACH Compression Attack Steals SSL Secrets

1 Share
msm1267 writes "A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security. The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week's Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes. Researchers Angelo Prado, Neal Harris and Yoel Gluck demonstrated the attack against Outlook Web Access (OWA) at Black Hat. Once the Web application was opened and the Breach attack was launched, within 30 seconds the attackers had extracted the secret. 'We are currently unaware of a practical solution to this problem,' said the CERT advisory, released one day after the Black Hat presentation."

Read more of this story at Slashdot.



Read the whole story
csharptest
4124 days ago
reply
Share this story
Delete

New JavaScript-Based Timing Attack Steals All Browser Source Data

1 Share
Trailrunner7 writes "Security researchers have been warning about the weaknesses and issues with JavaScript and iframes for years now, but the problem goes far deeper than even many of them thought. A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing attacks and other tactics to read any information he wants from a targeted user's browser and sites the victim is logged into. The attack works on all of the major browsers and researchers say there's no simple fix to prevent it."

Read more of this story at Slashdot.



Read the whole story
csharptest
4126 days ago
reply
Share this story
Delete

The Nerdy Love Song, for That Special Someone in Your Less than Three

1 Comment and 3 Shares

Submitted by: Unknown

Read the whole story
csharptest
4148 days ago
reply
Share this story
Delete
1 public comment
anthonylatta
4148 days ago
reply
I'm rational and read Sam Harris.
Washington, DC