[cabfpub] SSL BEASTie boys develop follow-up 'CRIME' web attack

Phillip philliph at comodo.com
Mon Sep 10 11:04:05 MST 2012


Apropos which:

Since this is a Google employee speaking as a Google employee, perhaps Google could share the technical details of the attack with the forum?



 
THAI DUONG (GOOGLE)
The CRIME attack

We present a new set of attacks against old and new secure Internet protocols. Some of the most popular websites, browsers, and protocols are vulnerable. By vulnerable we meant the duo sitting next to you in coffee shops can get access to your emails, bank accounts, social networks, etc. We've worked with relevant parties to fix what can be fixed. We have a good news and a bad news for you. The good news is we've got working patches for most of the issues. The bad news is some of them might contribute to global warming. Let's upgrade and go plant some trees!

On Sep 10, 2012, at 12:50 PM, Phillip wrote:

> The conference is on the 19-21 September
> 
> I guess we are going to want to discuss this at the NYC meeting.
> 
> On Sep 10, 2012, at 3:01 AM, Rob Stradling wrote:
> 
>> Another attack on SSL/TLS to be announced soon...
>> 
>> http://www.theregister.co.uk/2012/09/07/https_sesh_hijack_attack/
>> 
>> -- 
>> Rob Stradling
>> Senior Research & Development Scientist
>> COMODO - Creating Trust Online
>> 
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cabforum.org/pipermail/public/attachments/20120910/26b9bb6a/attachment.html 


More information about the Public mailing list