light bulb

Did You Know?



Reply
Posts: 8,452
Topics: 577
Kudos: 7,039
Registered: ‎02-03-2012

Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages

[ Edited ]

Capture01-08-2013-10.29.03 PM.jpg

 

Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites.

 

by Dan Goodin - Aug 1 2013, 11:30am EST

 

The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of encrypted pages, often in as little as 30 seconds.

The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. The attack can extract specific pieces of data, such as social security numbers, e-mail addresses, certain types of security tokens, and password-reset links. It works against all versions of TLS and SSL regardless of the encryption algorithm or cipher that's used.


Full Article

Good thing we use Webroot SecureAnywhere with it's Identity Shield. egyptian.gif

 

TH

coollogo_com-133794099.gif


asapvip.png  SigSVIP.png EPA.png


Webroot® SecureAnywhere™ Internet Security Complete Beta v8.0.7.33 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit, Win 10 Preview 32bit & 64bit Build 9926 all on VM's also on my HTC One M8 Android Lollipop 5.0.1 Phone v3.6.0.6652.


MVP.gif.png Microsoft® MVP Consumer Security


Twitter.png Untitled-1.png Community-Badges-BetaTester.png