HTTP compression continues to put encrypted communications at risk

Lucian Constantin | April 5, 2016
Researchers improve the BREACH attack to extract sensitive data from encrypted HTTPS connections faster

This mechanism was primarily intended to protect against cross-site request forgery (CSRF) attacks, but breaks BREACH as well, because the attack relies on a similar method of initiating rogue cross-site requests.

Google Chrome will enable support for same-site cookies in version 51, which will reach stable status in May. However, unless the mechanism is implemented in all browsers, there will be little incentive for website owners to start using the new "SameSite" flag for their cookies.
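How the "SameSite" flag decides whether a cookie accompanies a cross-site request, as an added example that is not part of the original article. The header values, cookie names and function names are constructed for illustration, and a cookie without the flag is assumed to be sent on every request.

```python
# Added example: models the browser-side SameSite decision for a cookie.
# All Set-Cookie values below are constructed sample data.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly",   # no SameSite flag
    "csrf_seed=xyz; Secure; SameSite=Strict",
    "prefs=dark; SameSite=Lax",
    "legacy=1; samesite=LAX; Secure",             # attribute names are case-insensitive
]


def parse_samesite(set_cookie):
    """Return 'strict', 'lax', or None for one Set-Cookie header value."""
    for attr in set_cookie.split(";")[1:]:        # skip the name=value pair
        name, _, value = attr.strip().partition("=")
        if name.lower() == "samesite":
            value = value.strip().lower()
            return value if value in ("strict", "lax") else None
    return None


def cookie_attached(set_cookie, cross_site, method="GET", top_level_navigation=False):
    """Would the browser send this cookie with the described request?"""
    mode = parse_samesite(set_cookie)
    if not cross_site or mode is None:
        # Same-site requests always carry the cookie; so do cross-site
        # requests when the flag is absent (assumption stated above).
        return True
    if mode == "lax":
        # Lax only allows cross-site top-level navigations with safe methods.
        return top_level_navigation and method.upper() in SAFE_METHODS
    return False                                  # strict: never sent cross-site


def exposed_cookies(set_cookie_headers):
    """Names of cookies still sent on a cross-site subresource request,
    the kind of rogue request the attack depends on."""
    return [h.split("=", 1)[0].strip()
            for h in set_cookie_headers
            if cookie_attached(h, cross_site=True)]


if __name__ == "__main__":
    for cookie_name in exposed_cookies(SAMPLE_HEADERS):
        print("still sent on cross-site subrequests:", cookie_name)
```

Running the audit over a site's real `Set-Cookie` headers shows which session cookies would still be attached to requests initiated from another site.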

 
