PC World

HTTP compression continues to put encrypted communications at risk

Security researchers have expanded and improved a three-year-old attack that exploits the compression mechanism used to speed up browsing in order to recover sensitive information from encrypted Web ...
Threat Post

BREACH Compression Attack Steals HTTPS Secrets in Under 30 Seconds

Homeland Security released an advisory on the BREACH attack, a side-channel compression attack similar to CRIME, except that it steals secrets from HTTPS responses. A serious attack against ciphertext ...
Ars Technica

Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages

The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of ...
Ars Technica

Crack in Internet’s foundation of trust allows HTTPS session hijacking

Researchers have identified a security weakness that allows them to hijack web browser sessions even when they’re protected by the HTTPS encryption that banks and e-commerce sites use to prevent ...