NNSquad - Network Neutrality Squad
[ NNSquad ] No easy way to stop BREACH from plucking secrets from HTTPS pages, feds say
No easy way to stop BREACH from plucking secrets from HTTPS pages, feds say
http://j.mp/19CjiCc (ars technica)
"Less than 24 hours after researchers disclosed a new attack that can
pluck secrets from webpages protected by the widely used HTTPS
encryption scheme, the US Department of Homeland Security is advising
website operators to investigate whether they're susceptible. As Ars
reported Thursday, an exploit dubbed BREACH-short for Browser
Reconnaissance and Exfiltration via Adaptive Compression of
Hypertext-can decode e-mail addresses, certain types of security
tokens, and other secrets from encrypted webpages, often in as little
as 30 seconds."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad