Security researchers discovered that even HTTPS encryption that is used for secure connections throughout the Internet can allow attackers to hijack web browser sessions that support SPDY or TLS compression. SPDY is an open networking protocol used by Google and Twitter. This security weakness can be exploited when web sessions are protected by SSL or TLS and are using one of the two data-compression schemes designed to improve webpages load times.
Read more here – http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/