10th September 2012
jggimi
New attack against TLS/SSL obtains session cookies from HTTPS

As reported in full by ComputerWorld, the two researchers who developed the BEAST attack against TLS 1.0 have developed a new protocol attack they call "CRIME":
The attack exploits a weakness in a particular feature of the TLS (Transport Layer Security) cryptographic protocol and its predecessor, the SSL (Secure Sockets Layer) protocol, which are used to implement HTTPS.

All SSL and TLS versions are affected and the exploited feature is commonly used in SSL/TLS deployments...
Computerworld noted that both Mozilla and Google have already prepared patches that block the attack vector to their browsers.

As with BEAST last year, details will only be released at the Ekoparty Security Conference to be held in Buenos Aires later this month.

beast, crime, https, ssl, tls
