barrydahlberg | 12 years ago

Can you please clarify exactly what you mean by compression? Is this referring to typical gzip compression in HTTP results or something else?

cenhyperion | 12 years ago

> Is this referring to typical gzip compression in HTTP

Yes. It's a major vulnerability discovered in the past few months that significantly weakens the crypto.

Website Describing the attack: http://breachattack.com/

Django Blog Post: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-...

barrydahlberg | 12 years ago

That's not cool. The last thing we need is more things for people to use as reasons for not using HTTPS at all.

espeed | 12 years ago

Yes, BREACH exploits HTTP body compression so this means typical gzip compression in HTTP results (see http://breachattack.com, http://en.wikipedia.org/wiki/HTTP_compression#Security_impli...).

Full Paper: "BREACH: Reviving the CRIME Attack" (http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%2...)
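An added illustration, not part of any comment in the thread: why body compression matters even under HTTPS, measured as the compressed size of a response that holds a secret and echoes request input. The page template, token values and function names are constructed for this example, and the per-response masking shown is a widely used mitigation that the thread itself does not discuss.

```python
import secrets
import zlib

# Constructed sample values; not taken from the thread or the BREACH paper.
TOKEN = b"3f9a1c7e5b2d8064a1f3c9e7b5d20486"   # secret embedded in the page
WRONG = TOKEN[::-1]                            # same characters, wrong order

def mask(token: bytes) -> bytes:
    """Per-response masking: emit pad || (token XOR pad), hex-encoded."""
    pad = secrets.token_bytes(len(token))
    return (pad + bytes(a ^ b for a, b in zip(token, pad))).hex().encode()

def render(reflected: bytes, masked: bool) -> bytes:
    """Hypothetical page that embeds a secret and echoes a request parameter."""
    shown = mask(TOKEN) if masked else TOKEN
    return (b"<html><body><form><input type='hidden' name='csrf' value='"
            + shown + b"'></form><p>Results for: " + reflected
            + b"</p></body></html>")

def wire_length(reflected: bytes, masked: bool) -> int:
    """Compressed body size; encryption hides the bytes but not their count."""
    return len(zlib.compress(render(reflected, masked), 9))

def length_gap(masked: bool) -> int:
    """Size difference between echoing a non-matching and a matching string."""
    prefix = b"value='"
    return (wire_length(prefix + WRONG, masked)
            - wire_length(prefix + TOKEN, masked))

def worst_masked_gap(trials: int = 50) -> int:
    """Largest size difference seen when the secret is re-masked per response."""
    return max(abs(length_gap(masked=True)) for _ in range(trials))

if __name__ == "__main__":
    # Without masking, the echoed copy of the secret compresses away, so the
    # response is measurably shorter than one echoing a non-matching string.
    print("gap without masking:", length_gap(masked=False))
    # With masking, the bytes on the page change every response, so what is
    # left is small noise unrelated to whether the echoed string is correct.
    print("worst gap with masking:", worst_masked_gap())
```

Disabling compression for responses that carry secrets removes the signal entirely; masking keeps compression on while making the secret's on-page bytes different in every response.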