[ALUG] A new hacking technique
Andreas Tauscher
ta at lonestar-bbs.de
Wed Aug 7 23:03:30 EAT 2013
Am 06.08.2013 01:05, schrieb Adili:
> A new hacking technique dubbed BREACH can extract login tokens, session
> ID numbers and other sensitive information from SSL/TLS encrypted web
> traffic in just 30 seconds, More info on the link below
Easiest countermeasure: Disabling http compression.
Separating user input from secrets (Should anyway always done). And to
hide the true length of a secret by adding some random bytes.
Andreas
More information about the Linux
mailing list