Angelo Prado, Neal Harris, Yoel Gluck
SSL, Gone in 30 Seconds - A BREACH beyond CRIME

For those not familiar with the compression-based side-channel attacks against SSL, this talk, presented at Black Hat 2013, provides a detailed explanation of the CRIME and BREACH attacks. It covers the creative workarounds used to eliminate data noise, which increase the chance of successfully recovering a given secret from the encrypted data, and includes a live demonstration of hijacking the CSRF token of a real-world application. The last segment provides tips and tricks for mitigating the attack.
