30-Second HTTPS Crypto Cracking Tool Released

  • 3 September 2013
  • 0 replies
  • 1 view

Userlevel 7
Badge +54
Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible.

Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck.

Their presentation triggered a Department of Homeland Security warning that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream," and that all versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.
 
Full Article

0 replies

Be the first to reply!

Reply