
HTTPS hack

by Nizar on 2013-08-20 at 10:50:53


The HTTPS security measures that are used to protect websites are susceptible to a new attack that can extract information in as little as 30 seconds.

The method, called BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext), was demonstrated at the Black Hat security conference in Las Vegas and works by targeting the data compression websites use in order to save bandwidth. The technique examines the size of the packet and then guesses the contents whilst sending probe requests back to the targeted website.

Having gained access, a BREACH attack can then extract information such as email addresses, some types of security tokens and password reset links. It works against all versions of the widely used Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

In order to perform an attack, an attacker needs to be able to passively monitor the traffic traveling between an end user and a website. The attack also requires the attacker to force the victim to visit a malicious link.
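The size signal described above can be reproduced offline to check whether a response leaks through compression. This is an added example, not code from the original article or from the BREACH researchers; the page template, token values and function names are constructed for illustration, and zlib's DEFLATE stands in for HTTP gzip compression.

```python
import zlib

# Constructed sample data: tokens and page template are made up for this example.
SECRET_TOKEN = "9f3c1a7be40d52c6a8e17b04d3f6295c"
WRONG_TOKEN = "0b6d8e25f17a93c4d2b58f60a1e7c39d"  # same length, different value
PAGE = (
    "<html><body>"
    "<p>You searched for: {reflected}</p>"
    "<a href='/account/settings?csrf_token={secret}'>Settings</a>"
    "</body></html>"
)


def render(reflected: str) -> bytes:
    """Build a response body that echoes request input next to a secret."""
    return PAGE.format(reflected=reflected, secret=SECRET_TOKEN).encode()


def wire_size(reflected: str, compress: bool = True) -> int:
    """Body length as seen on the wire; TLS leaves it largely visible.

    zlib's DEFLATE stands in for HTTP gzip compression (same algorithm).
    """
    body = render(reflected)
    return len(zlib.compress(body, 6)) if compress else len(body)


def size_gap(compress: bool) -> int:
    """Bytes by which a non-matching echo is larger than a matching one."""
    match = wire_size("csrf_token=" + SECRET_TOKEN, compress)
    miss = wire_size("csrf_token=" + WRONG_TOKEN, compress)
    return miss - match


if __name__ == "__main__":
    print("gap with compression:   ", size_gap(True), "bytes")
    print("gap without compression:", size_gap(False), "bytes")
```

A non-zero gap with compression on and a zero gap with it off shows that the size difference comes from compressing echoed input together with the secret, not from a weakness in the encryption itself.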

'HTTPS remains a good method of transmitting data online, but it certainly isn’t perfect,' said Jon French, a Security Analyst at security firm AppRiver.

'Many researchers and hackers are constantly trying to find flaws within the HTTPS protocol precisely because so many people rely on it. As a result, while BREACH is the latest tool for intercepting HTTPS traffic, it's not the only one out there.

'In order to use BREACH, researchers say that attackers must have access to passively monitor the target's internet traffic. In most cases, monitoring would have to be done locally on the same network and that adds a layer of difficulty for hackers.

'Researchers plan on releasing it as a tool that can be used for testing, so businesses should take advantage of that and use it to further secure their own systems. As more breakthroughs on HTTPS like this come on, it may end up spawning more secure methods of sending your data around on the internet.'


