Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - BREACH Compression Attack Steals SSL Secrets->

Submitted by msm1267
msm1267 (2804139) writes "A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security. The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes.
Researchers Angelo Prado, Neal Harris and Yoel Gluck demonstrated the attack against Outlook Web Access (OWA) at Black Hat. Once the Web application was opened and the Breach attack was launched, within 30 seconds the attackers had extracted the secret.
“We are currently unaware of a practical solution to this problem,” said the CERT advisory, released one day after the Black Hat presentation."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

BREACH Compression Attack Steals SSL Secrets

Comments Filter:

"Oh what wouldn't I give to be spat at in the face..." -- a prisoner in "Life of Brian"

Working...