HTTPS Easily Hacked in Seconds when Compressed

Tuesday, August 6th, 2013 | Business

A new DHS report released on August 2, "BREACH vulnerability in compressed HTTPS", details how an attacker could derive information from the length of a compressed, encrypted stream.

From the report:

While the CRIME attack is currently believed to be mitigated by disabling TLS/SSL-level compression, compressed HTTP responses represent a significant unmitigated vector which is currently exploitable. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size.

The report describes the symptoms as well as potential fixes. Basically, disable HTTP compression.
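The size signal the report describes, and what disabling compression does to it, as an added example (not code from the report or from this post). The page template, token and comparison string are constructed, and Python's zlib stands in for HTTP response compression.

```python
import zlib

# Constructed sample values, not taken from the report.
SECRET = "csrf_token=9f3a7c21d8e4b6a0"
OTHER = "csrf_token=XQZWJKPVMLRTYHGB"  # same length, shares only the known prefix
PAGE = (
    "<html><body><p>You searched for: {q}</p>"
    "<a href='/logout?{s}'>Log out</a></body></html>"
)


def response_body(reflected: str) -> bytes:
    """Build a response that echoes request input on the same page as a secret."""
    return PAGE.format(q=reflected, s=SECRET).encode()


def wire_length(body: bytes, compress: bool) -> int:
    """Size visible on the wire. TLS hides the content of a response,
    but the ciphertext length still tracks the length of what was encrypted."""
    return len(zlib.compress(body, 6)) if compress else len(body)


def length_signal(compress: bool) -> int:
    """Bytes by which the response shrinks when the reflected input equals
    the secret, compared with an equal-length input that does not."""
    matching = wire_length(response_body(SECRET), compress)
    differing = wire_length(response_body(OTHER), compress)
    return differing - matching


if __name__ == "__main__":
    # With compression on, the repeated secret is encoded as a back-reference,
    # so the matching response is shorter and the size reveals the match.
    print("compression on :", length_signal(True), "byte difference")
    # With compression off, equal-length inputs give equal-length responses.
    print("compression off:", length_signal(False), "byte difference")
```

A non-zero difference with compression on is the leak; the zero difference with compression off is why the report's fix removes it.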


