Security researchers Juliano Rizzo and Thai Duong have developed a new attack on the TLS protocol, called CRIME, that uses the compression ratio of TLS requests as a side channel. The information it leaks enables them to decrypt the requests and extract users’ cookies. The attack works against both the TLS layer and the application layer, and many major browsers, including Chrome and Firefox, are vulnerable. This video shows one of their exploits in action.
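The side channel described above can be measured directly. The following is an added example, not code from the article or from the researchers: it compresses a request that holds externally influenced text next to a secret cookie and compares the resulting sizes with compression on and off. The request layout, the cookie value, the host name and all function names are constructed assumptions.

```python
import zlib

# Constructed sample values for illustration; none come from the article.
SECRET = "7f3a9c1e5b2d8f04"
WRONG = ["c4d0e86b1a97f253", "2b9e61d7c0f8a345", "d15c8e0a46b2937f"]


def build_request(reflected: str) -> bytes:
    """A request that carries externally influenced text next to a secret cookie."""
    return (
        f"GET /search?q=session={reflected} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: session={SECRET}\r\n\r\n"
    ).encode()


def observed_length(reflected: str, compress: bool) -> int:
    """Size visible on the wire: encryption hides the bytes, not how many there are."""
    data = build_request(reflected)
    return len(zlib.compress(data, 9)) if compress else len(data)


def length_gap(compress: bool) -> int:
    """Shortest non-matching request minus the matching one, in bytes.

    A positive gap means size alone tells the matching value apart.
    """
    matching = observed_length(SECRET, compress)
    others = min(observed_length(w, compress) for w in WRONG)
    return others - matching


if __name__ == "__main__":
    print("gap with compression:   ", length_gap(True))
    print("gap without compression:", length_gap(False))
```

With compression enabled the matching request is shorter because DEFLATE replaces the repeated cookie value with a back-reference; with compression off every request has the same length, which is why disabling compression of secret-bearing data removes the signal.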
