BREACH: the two Greek hackers who broke Facebook and Gmail

Two Greeks appear to have amazed everyone at Black Hat Asia 2016. Dimitris Karakostas and Dionysis Zindros upgraded the BREACH attack (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) to break through the most common algorithms of the web.

The two PhD students who presented the BREACH attack even released a framework which will help hackers (with good intentions) and information to spy on Facebook and Gmail.

Dimitris Karakostas (left) with Dionysis Zindros. Picture: Darren Pauli / The Register.

At Black Hat Asia, the pair proved once again that the term "security" does not apply on the Internet, even for the most popular online services, which invest a lot of money and labor hours to protect themselves.

The new version of BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is even more powerful: hackers can target "noisy" end-points that do not use strong encryption algorithms, including AES 128 bit.

They say the new attack is also 500 times faster than the original attack.

The original BREACH attack was released at Black Hat in 2013 and was internationally recognized. The attack targeted the common Deflate data compression algorithm, which is used to save bandwidth in Internet communications.

Karakostas and Zindros (@dionyziz), from the National Technical University of Athens and the University of Athens, described them in the document Practical New Developments on BREACH (PDF).

On stage at Black Hat Asia, they demonstrated how the attack could be used to read them of the victim on Facebook, and also Gmail emails, using the "Rupture" framework, which they have developed and which makes the attack much simpler.

The attack, however, is not a toy, and they said it would take weeks to successfully break a target.

The "Rupture" framework is open source and is developed by Ph.D. students of the group.

Code

Whitepaper


Written by giorgos
