Security News > 2016 > August > CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)
2016-08-11 16:00
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j2cfeix-guo/
Related news
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- UN aviation agency investigating 'potential' security breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- UN aviation agency confirms recruitment database security breach (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Engineering giant Smiths Group discloses security breach (source)
- Australian fertility services giant Genea hit by security breach (source)