Home page logo
/

securecoding logo Secure Coding mailing list archives

CRIME: Latest attack against TLS
From: Amit Sethi <asethi () cigital com>
Date: Thu, 13 Sep 2012 15:34:44 -0400

Hi sc-l,

You may have heard about the CRIME attack against TLS developed by Juliano Rizzo and Thai Duong. Although official 
details have not been released yet, there is speculation that the attack has to do with TLS compression. I was able to 
reproduce the information leakage resulting from compression. Please take a look at:

http://www.cigital.com/justice-league-blog/2012/09/13/crime-latest-attack-against-tls/

Your comments/feedback are welcome.

Amit Sethi
Technical Manager
Cigital, Inc.
http://www.cigital.com/
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

  By Date           By Thread  

Current thread:
  • CRIME: Latest attack against TLS Amit Sethi (Sep 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault