This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
CRIME
CRIME

Version management

Difference between version and

At line 1 added 15 lines
!!! Overview
[{$pagename}] is an [Data Leakage] [Exploit] which was theorized years ago, but as vividly demonstrated as in the demonstration they recently published.
[{$pagename}] [Exploits] [TLS Compression], in the same setup than the [BEAST] attack (attacker can send some data of its own in a SSL connection, where interesting target data such as a cookie is also sent). Roughly speaking, the attacker puts in its data a potential value for the target string, and, if it matches, compression makes the resulting records shorter.
[{$pagename}] is avoided by disabling TLS-level compression. Which is what most browsers now do.
Internet Explorer and IIS never implemented TLS-level compression in the first place (for once, sloppiness saved the day); Firefox and Chrome implemented it, and deactivated in 2014 Summer they were forewarned by Duong and Rizzo, who are quite responsible in their activity.
!! More details on [{$pagename}]:
* [https://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor|https://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop