Hi sc-l, You may have heard about the CRIME attack against TLS developed by Juliano Rizzo and Thai Duong. Although official details have not been released yet, there is speculation that the attack has to do with TLS compression. I was able to reproduce the information leakage resulting from compression. Please take a look at:
http://www.cigital.com/justice-league-blog/2012/09/13/crime-latest-attack-against-tls/ Your comments/feedback are welcome. Amit Sethi Technical Manager Cigital, Inc. http://www.cigital.com/
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
