Demo of the CRIME TLS Attack

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies.

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies. The attack works against both the TLS layer and the application layer and many major browsers, including Chrome and Firefox, are vulnerable. This video shows one of their exploits in action.

Suggested articles

Discussion

  • Robert on

    They made it look so easy and fast

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.