• Lucky Thirteen TLS Attack

    Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

        in SSL, SSL Deployment
    0
  • Summarization of CRIME Attack on SSL

    I’ve written a few blogs on CRIME, but now that Juliano Rizzo and Thai Duong have presented CRIME at Ekoparty 2012, I thought a summary is due. CRIME is short for “Compression Ratio Info-Leak Made Easy.” In their presentation, Rizzo and Duong reminded us that HTTPS provides confidentiality, integrity and authenticity; however, CRIME decrypts portions of an HTTPS message, such

        in Secure Browsing, SSL
    0
  • Testing Your SSL Server for CRIME

    We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data is compressed prior to encryption.

        in Secure Browsing, SSL, SSL Deployment
    0
  • Stopping CRIME Attacks

    This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression is used in SPDY, which

        in Secure Browsing, SSL
    0
  • Testing Your SSL Server for CRIME

    We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data is compressed prior to encryption.

        in Secure Browsing, SSL, SSL Deployment
    0
  • Stopping CRIME Attacks

    This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression is used in SPDY, which

        in Secure Browsing, SSL
    0
Page 1 of 3123