Computerworld

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The ‘CRIME’ attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure ...
Threat Post

Demo of the CRIME TLS Attack

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information ...
Threat Post

BREACH Compression Attack Steals HTTPS Secrets in Under 30 Seconds

Homeland Security released an advisory on the BREACH attack, a side-channel compression attack similar to CRIME, except that it steals secrets from HTTPS responses. A serious attack against ciphertext ...