Showing results for 
Search instead for 
Did you mean: 
Silver VIP

30-Second HTTPS Crypto Cracking Tool Released

Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible.

Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference in Las Vegas by lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and lead security engineer Yoel Gluck.

Their presentation triggered a Department of Homeland Security warning that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream," and that all versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.


Full Article  beta_tester_transparent.png

Luminary Signature.png

2016-07-18_12-11-32.png  Microsoft® Windows Insider MVP - Windows Security