New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions | ICT Security-Sécurité PC et Internet | Scoop.it
From threatpost.com.mx - September 6, 2012 7:55 AM
Juliano Rizzo and Thai Duong, who developed the ASP.NET padding oracle attack and the BEAST SSL attack, have written a tool called CRIME that takes advantage of an information leak in SSL/TLS to hijack HTTPS sessions.

 

Read more:

http://threatpost.com.mx/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512