Security News > 2016 > August > CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)

The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j2cfeix-guo/
Related news
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- Oracle customers confirm data stolen in alleged cloud breach is valid (source)
- Oracle Health breach compromises patient data at US hospitals (source)
- Phishing-as-a-service operation uses DNS-over-HTTPS for evasion (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- Oracle's masterclass in breach comms: Deny, deflect, repeat (source)
- Oracle privately confirms Cloud breach to customers (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)