New exploit can attack secure websites via ads

The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.

Security researchers at KU Leuven have discovered an attack technique, HEIST (HTTP Encrypted Information can be Stolen Through TCP-Windows), that helps compromise an encrypted website using only a JavaScript file hidden in a maliciously-crafted ad or page. Unlike many similar attacks, you don't need a man-in-the-middle spot to make this work -- it can gauge the size of an encrypted response (and thus enable an attack) all on its own. Combine it with another technique and it's relatively easy to pluck sensitive info from encrypted data traffic, such as email addresses and banking details.

The team's Tom Van Goethem tells Ars Technica that the only surefire way to prevent attacks in the short term is to disable third-party cookies. That's not hard to do (multiple browsers have an option for it), but it's rarely turned on by default. Thankfully, the researchers have already revealed their findings to Google and Microsoft. It's not certain that they'll have patches in place soon, but the advance disclosure at least raises hope that this latest exploit won't be available forever.

Source: Black Hat,

The owner of will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.Report any Broken Download linkon Blogmytuts Facebook Page. IF YOU WANT TO BORROW MY CONTENT PLEASE CONTACT US..
Share on Google Plus

About Jaime Lacson

A Freelance Computer Tech with knowledge about computer, router and mobile phones, especially in Upgrade and Downgrade OS, Software and Hardware troubleshooting. follow me at Google+
    Blogger Comment
    Facebook Comment