light bulb

Did You Know?

Posts: 14,073
Topics: 9,734
Kudos: 30,079
Registered: ‎06-12-2013

30-Second HTTPS Crypto Cracking Tool Released

Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible.

Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference in Las Vegas by lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and lead security engineer Yoel Gluck.

Their presentation triggered a Department of Homeland Security warning that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream," and that all versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.


Full Article

Sr. Community Expert Advisor