As reported in full by ComputerWorld
, the two reasearchers who developed the BEAST
attack against TLS 1.0 have developed a new protocol attack they call "CRIME":
The attack exploits a weakness in a particular feature of the TLS (Transport Layer Security) cryptographic protocol and its predecessor, the SSL (Secure Sockets Layer) protocol, which are used to implement HTTPS.
All SSL and TLS versions are affected and the exploited feature is commonly used in SSL/TLS deployments...
Computerworld noted that both Mozilla and Google have already prepared patches that block the attack vector to their browsers.
As with BEAST last year, details will only be released at the Ekoparty Security Conference to be held in Buenos Aires later this month.