http://www.computerworld.com/s/article/9231013/Security_researchers_to_present_new_39_CRIME_39_attack_against_SSL_TLS By Lucian Constantin IDG News Service September 6, 2012 Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. Websites use session cookies to remember authenticated users. If an attacker gains access to a user's session cookie while the user is still authenticated to a website, the hacker could use it to access the user's account on that website. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. However, the new attack, devised by security researchers Juliano Rizzo and Thai Duong, is able to decrypt them. Rizzo and Duong dubbed their attack CRIME and plan to present it later this month at the Ekoparty security conference in Buenos Aires, Argentina. [...] -- #HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia with no keynotes, no labs - just three tracks filled with our most popular speakers from the last decade: http://conference.hitb.org/Received on Fri Sep 07 2012 - 02:14:35 PDT
This archive was generated by hypermail 2.2.0 : Fri Sep 07 2012 - 02:35:45 PDT