Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: 'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS


16 Sep 2012   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS

Quote:
The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure) traffic, one of the attack's creators confirmed Thursday.

The 'CRIME' attack was developed by security researchers Juliano Rizzo and Thai Duong, who plan to present it next week at the Ekoparty security conference in Buenos Aires, Argentina.

Rizzo and Duong revealed last week that CRIME abuses an optional feature present in all versions of TLS and SSL (Secure Sockets Layer) -- the cryptographic protocols used by HTTPS. However, they declined to name the feature at that time.
Source

A Guy

My System SpecsSystem Spec
.

Reply

 'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:21 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33