New HTTPS Hijack attack

A pair of security researchers have developed a new attack that exploits a weakness in the SSL/TLS encryption standard, which leaks information about encrypted sessions that can be used by attackers to hijack HTTPS sessions. These are the same guys who developed the BEAST tool  (Browser Exploit Against SSL/TLS) which targeted a problem with AES. They say it works similarly to BEAST but the known defense against BEAST won’t work against this attack. Read more here:

http://threatpost.com.mx/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top