|16 Sep 2012||#1|
| || |
'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS
The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure) traffic, one of the attack's creators confirmed Thursday.
The 'CRIME' attack was developed by security researchers Juliano Rizzo and Thai Duong, who plan to present it next week at the Ekoparty security conference in Buenos Aires, Argentina.
Rizzo and Duong revealed last week that CRIME abuses an optional feature present in all versions of TLS and SSL (Secure Sockets Layer) -- the cryptographic protocols used by HTTPS. However, they declined to name the feature at that time.
|My System Specs|
|Similar help and support threads for2: 'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS|
|Data compression software.||Software|
|Failing Disk Deletes Backup Data-Need More Info - Feature Name||Backup and Restore|
|Yaa! DLL Hijack Auditor: For Microsoft DLL hijack vulnerability||System Security|
|Webroot warns on political Koobface data hijack||News|
|Scareware Scheme Abuses Firefox 'What's New' Page||News|
|Data Execution Prevention Security Feature||System Security|
|Data compression (not Audio) programs||Software|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 10:49 AM.