[ALUG] A new hacking technique

Andreas Tauscher ta at lonestar-bbs.de
Wed Aug 7 23:03:30 EAT 2013


Am 06.08.2013 01:05, schrieb Adili:
> A new hacking technique dubbed BREACH can extract login tokens, session
> ID numbers and other sensitive information from SSL/TLS encrypted web
> traffic in just 30 seconds, More info on the link below 

Easiest countermeasure: Disabling http compression.

Separating user input from secrets (Should anyway always done). And to
hide the true length of a secret by adding some random bytes.

Andreas


More information about the Linux mailing list