User: Password:
|
|
Subscribe / Log in / New account

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 22:26 UTC (Thu) by dlang (subscriber, #313)
In reply to: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost) by intgr
Parent article: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

> > being in the same network segment as a router

>Sorry, that was misleading. I meant any Ethernet segment where the traffic passes through, such as your office network or an Internet exchange point.

actually, this isn't enough by itself nowdays.

With most of the ethernet infrastructure being switches, you will only occasionally see packets destined for other systems.

You can start playing games with ARP to try and route all traffic on the network through your machine instead of the router it is supposed to go through, but this sort of thing tends to cause other problems, so it's far from stealthy.


(Log in to post comments)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 10:09 UTC (Fri) by paulj (subscriber, #341) [Link]

Many "ethernet" segments these days are shared Wifis - inherently a multi-access medium.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 15, 2012 23:44 UTC (Sat) by cmccabe (guest, #60281) [Link]

Most (though not all) wifi is encrypted these days.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 20, 2012 22:01 UTC (Thu) by cesarb (subscriber, #6266) [Link]

> Most (though not all) wifi is encrypted these days.

Wifi does not encrypt the size of the packets.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds