Security News > 2016 > August > CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)
2016-08-11 16:00
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j2cfeix-guo/
Related news
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks (source)
- Oracle warns of Agile PLM file disclosure flaw exploited in attacks (source)