Tag Archives: SPDY

Testing Your SSL Server for CRIME

September 17, 2012 by Bruce Morton     No Comments

We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data [Read More...]

Stopping CRIME Attacks

September 13, 2012 by Bruce Morton     No Comments

This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]