CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. Their presentation introduced new techniques that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker controls part of a message that contains secret information and that is compressed, then encrypted, before being sent over the network. An example of this is a web page …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j2cfeix-guo/