1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS

Discussion in 'Help Net Security' started by RSS, Aug 11, 2016.

  1. RSS

    RSS New Member Member

    The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page … More →

    Continue reading...

Share This Page