05 August 2013

Step into the BREACH: New attack developed to read encrypted web data

..... A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic, say researchers.....

.....BREACH (short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) attacks the common Deflate data compression algorithm used to save bandwidth in web communications.......

.....The attacker just has to continually eavesdrop on the encrypted traffic between a victim and a web server before tricking marks into visiting a website under the miscreant's control.....

.....The attacker's booby-trapped website hosts a script that runs the second phase of the attack: this forces the victim's browser to visit the targeted website thousands of times, over and over, each time appending a different combination of extra data......

.....The practical upshot is that tokens and other sensitive information sent over SSL connections could be lifted even though the encrypted contents of emails and one-off orders sent to e-commerce websites are beyond the scope of the attack......
