NNSquad - Network Neutrality Squad
[ NNSquad ] Many ways to break SSL with CRIME attacks, experts warn
Many ways to break SSL with CRIME attacks, experts warn
http://j.mp/UgzaAE (ars technica)
"Security professionals are recommending that operators of websites
offering the secure hypertext transfer protocol (HTTPS) disable a
bandwidth-saving compression feature to prevent a recently disclosed
attack that permits the hijacking of encrypted browsing sessions. As
previously reported by Ars, browsers from Microsoft, Google, Mozilla,
Apple, and Opera aren't vulnerable to the exploit dubbed CRIME, which
is short for Compression Ratio Info-leak Made Easy. But until recently
both Chrome and Firefox users were susceptible to attacks that allowed
hackers to decrypt secure cookies used to log in to e-mail and online
bank accounts. Given the number of smaller browsers in use, or the
possibility some end users may be using out-of-date software, website
operators may want to proactively disable compression used during
sessions protected by the SSL, or secure sockets layer, protocol."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad