NNSquad - Network Neutrality Squad
[ NNSquad ] No easy way to stop BREACH from plucking secrets from HTTPS pages, feds say
No easy way to stop BREACH from plucking secrets from HTTPS pages, feds say http://j.mp/19CjiCc (ars technica) "Less than 24 hours after researchers disclosed a new attack that can pluck secrets from webpages protected by the widely used HTTPS encryption scheme, the US Department of Homeland Security is advising website operators to investigate whether they're susceptible. As Ars reported Thursday, an exploit dubbed BREACH-short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext-can decode e-mail addresses, certain types of security tokens, and other secrets from encrypted webpages, often in as little as 30 seconds." - - - --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad