HTTPS Bicycle attack: is the HTTPS protocol secure?

HTTPS Bicycle: A new attack on the supposedly secure HTTPS communication protocol raises questions about the resilience of passwords, security researchers warn.

A new attack named HTTPS Bicycle can lead to the disclosure of a person's private and secret data, such as passwords and GPS coordinates, from a packet capture of HTTPS traffic.

The attack, discovered by security researcher Guido Vranken, puts serious topics back on the experts' table: encryption, authentication, privacy and, more specifically, security codes.

It is commonly assumed that HTTP traffic protected with TLS does not reveal the exact sizes of its segments, such as the length of a header, or the payload of an HTTP POST request that may contain variable-length credentials such as passwords. In this paper I show that HTTP plaintext included in each request can be exploited to reveal the length of specific components (such as passwords) in particular requests (such as authentication to a web application).

The attack exploits the properties of stream-oriented cipher suites based on Galois/Counter Mode, with which the exact size of the plaintext can be known to a man-in-the-middle.
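The length leak described above, and how padding the form body removes it, shown as an added example that is not from the original article or from Vranken's paper. The `seal` function is a length-preserving stand-in for a GCM record rather than real AES-GCM, and the host, field names and sample passwords are constructed for illustration.

```python
import hashlib, hmac, os
from urllib.parse import urlencode

NONCE_LEN, TAG_LEN = 8, 16   # TLS 1.2 AES-GCM record: explicit nonce + auth tag

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Length-preserving stand-in for a GCM record (SHA-256 keystream + HMAC tag).
    Not real AES-GCM; it only reproduces the size behaviour."""
    nonce = os.urandom(NONCE_LEN)
    blocks = (len(plaintext) + 31) // 32
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag

def login_request(user: str, password: str, bucket: int = 0) -> bytes:
    """Constructed login POST. With bucket > 0 a filler field pads the form
    body up to the next multiple of `bucket` bytes."""
    body = urlencode({"user": user, "password": password})
    if bucket:
        body += "&pad=" + "0" * (-(len(body) + 5) % bucket)
    head = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()

def consistent_lengths(record: bytes, user: str, bucket: int = 0, max_len: int = 64):
    """Password lengths (URL-encoded) that would yield a record of this size."""
    plain_len = len(record) - NONCE_LEN - TAG_LEN
    return [n for n in range(max_len + 1)
            if len(login_request(user, "x" * n, bucket)) == plain_len]

if __name__ == "__main__":
    key = os.urandom(32)
    for pw in ("hunter2", "correcthorsebattery"):   # constructed sample passwords
        plain = seal(key, login_request("alice", pw))
        padded = seal(key, login_request("alice", pw, bucket=128))
        # unpadded: one candidate length; padded: every length stays possible
        print(len(pw), consistent_lengths(plain, "alice"),
              len(consistent_lengths(padded, "alice", bucket=128)))
```

Without padding, the record size pins the password length to a single value; with the body padded to a 128-byte bucket, every length from 0 to 64 produces the same record size.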

Carl Leonard, chief security analyst at Raytheon | Websense, commented:

"End users can expect their passwords to remain […] when they interact with a website that uses encryption, but the HTTPS Bicycle attack shows that this is not the case. Knowledge is the attacker's power, and even small pieces of information can lead to a later, more sophisticated attack."

Leonard continued:

"The undetectable nature of this attack means that it is vital for webmasters to consider using strong two-factor passwords and authentication to eliminate the single point of failure. Finally, users need to secure their passwords so that they are strong enough, while webmasters and web platform developers need to ensure that they are fully informed and that all steps are taken to prevent this attack in the future."

More about the attack can be read at the link below:

HTTPS Bicycle Attack

Written by giorgos
