cancel
Showing results for 
Search instead for 
Did you mean: 

30-Second HTTPS Crypto Cracking Tool Released

Highlighted
Sr. Community Expert Advisor

30-Second HTTPS Crypto Cracking Tool Released

Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible.

Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck.

Their presentation triggered a Department of Homeland Security warning that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream," and that all versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.

 

Full Article


Sr. Community Expert Advisor


 


2016-07-18_12-11-32.png Microsoft® Windows Insider MVP - Windows Security

Message 1 of 1