LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 21:06 UTC (Thu) by intgr (subscriber, #39733)
In reply to: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost) by intgr
Parent article: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

> being in the same network segment as a router

Sorry, that was misleading. I meant any Ethernet segment where the traffic passes through, such as your office network or an Internet exchange point.

> haging access

Should be "having access"

(Log in to post comments)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 22:26 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

> > being in the same network segment as a router

>Sorry, that was misleading. I meant any Ethernet segment where the traffic passes through, such as your office network or an Internet exchange point.

actually, this isn't enough by itself nowdays.

With most of the ethernet infrastructure being switches, you will only occasionally see packets destined for other systems.

You can start playing games with ARP to try and route all traffic on the network through your machine instead of the router it is supposed to go through, but this sort of thing tends to cause other problems, so it's far from stealthy.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 10:09 UTC (Fri) by paulj (subscriber, #341) [Link]

Many "ethernet" segments these days are shared Wifis - inherently a multi-access medium.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 15, 2012 23:44 UTC (Sat) by cmccabe (guest, #60281) [Link]

Most (though not all) wifi is encrypted these days.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 20, 2012 22:01 UTC (Thu) by cesarb (subscriber, #6266) [Link]

> Most (though not all) wifi is encrypted these days.

Wifi does not encrypt the size of the packets.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds