title

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions | Threatpost

charset

utf-8

X-UA-Compatible

IE=edge

viewport

width=device-width, initial-scale=1

content-type

text/html; charset=UTF-8

og:type

article

og:title

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

og:description

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s login cookie and then hijack the user’s session and impersonate her on high-value destinations such as banks or e-commerce sites.

og:url

https://threatpost.com/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312/77006/

og:image

https://media.threatpost.com/wp-content/uploads/sites/103/2018/04/12084846/tp_twitter.png

twitter:card

summary_large_image

twitter:site

@threatpost

twitter:creator

@threatpost

twitter:title

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

twitter:description

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s login cookie and then hijack the user’s session and impersonate her on high-value destinations such as banks or e-commerce sites.

EditURI

https://threatpost.com/xmlrpc.php?rsd

alternate

https://threatpost.com/feed/

alternate

https://threatpost.com/comments/feed/

alternate

https://threatpost.com/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312/77006/feed/

alternate

https://threatpost.com/wp-json/wp/v2/posts/77006