Tag Archives: Internet standardsInternet standards

Testing Your SSL Server for CRIME

September 17, 2012 by Bruce Morton     No Comments

We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data [Read More...]

Speculation on CRIME

September 12, 2012 by Bruce Morton     No Comments

The SSL industry is waiting for the Ekoparty Security Conference next week to find out more details on the CRIME SSL/TLS attack. Speculation by SSL/TLS experts? The attack is based on TLS compression. Thomas Pornin made this post on IT Security of his guesses on how compression could be used in an attack. This also [Read More...]

SSL News from Black Hat and DEF CON

August 28, 2012 by Bruce Morton     No Comments

I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred [Read More...]