NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Many ways to break SSL with CRIME attacks, experts warn

Many ways to break SSL with CRIME attacks, experts warn

http://j.mp/UgzaAE  (ars technica)

   "Security professionals are recommending that operators of websites
    offering the secure hypertext transfer protocol (HTTPS) disable a
    bandwidth-saving compression feature to prevent a recently disclosed
    attack that permits the hijacking of encrypted browsing sessions.  As
    previously reported by Ars, browsers from Microsoft, Google, Mozilla,
    Apple, and Opera aren't vulnerable to the exploit dubbed CRIME, which
    is short for Compression Ratio Info-leak Made Easy. But until recently
    both Chrome and Firefox users were susceptible to attacks that allowed
    hackers to decrypt secure cookies used to log in to e-mail and online
    bank accounts. Given the number of smaller browsers in use, or the
    possibility some end users may be using out-of-date software, website
    operators may want to proactively disable compression used during
    sessions protected by the SSL, or secure sockets layer, protocol."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
 - Data Wisdom Explorers League: http://www.dwel.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list