[B! crime] Jxckã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

Jxck id:Jxck

crimeã«é–¢ã™ã‚‹Jxckã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (11)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

779413 - (CVE-2012-3977) SPDY compression infoleak (CRIME)
Jxck 2013/02/27
spdy

crime
ãƒªãƒ³ã‚¯
Old Version of Google Chrome 20.0.1132.47 Download - OldApps.com for Mac
Jxck 2013/02/02
crime
ãƒªãƒ³ã‚¯
SPDY compression and CRIME attack from Mike Belshe on 2012-09-14 ([email protected] from July to September 2012)
From: Mike Belshe <[email protected]> Date: Thu, 13 Sep 2012 20:20:49 -0700 To: httpbis mailing list <ietf [email protected]> Message-ID: <CABaLYCsAmOe7z68E25pfYsuhb8r_AsH-AbzX-VfUYK_VGWbGDg@mail.gmail.com> You may have read about the CRIME attack recently: http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914#19914 http://www.cio.com/article/716161/_39_CRIME_39_
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
2012å¹´11æœˆ24æ—¥ â€“ rm -fr /*
SSLã®( Â´Ï‰ï½€) è¨¼æ˜Žæ›¸ã¨CipherSuiteã¨ä»–è¨å®šã‚’æŽ¡ç‚¹ã—ã¦ãã‚Œã‚‹ã‚µã‚¤ãƒˆãŒã‚ã‚Šã¾ã™ã€‚ Qualys â€¦
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
CRIME: Information Leakage Attack against SSL/TLS | Qualys Security Blog
It seems that it is that time of year again, when Juliano and Thai present their most recent attack against crypto system. Last year, it was BEAST. This year, itâ€™s CRIME, a practical attack against how TLS is used in browsers. In a wider sense, the same attack conceptually applies to any encrypted protocol where the attacker controls what is being communicated. Initially, it was only known that th
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
More Details on CRIME Attack: Takes Advantage Of TLS Compression [VIDEO]
Post author:Paolo Passeri Post published:September 13, 2012 Post category:Security Post comments:2 Comments Reading time:2 mins read Last Updated on May 24, 2015 More details have been released about CRIME, the brand new attack against TLS developed by Juliano Rizzo and Thai Duong. The attack takes advantage of a flaw in the compression ratio of TLS requests wich allows the attacker to decrypt the
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
CRIME
ã“ã®ãƒ–ãƒ©ã‚¦ã‚¶ ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚µãƒãƒ¼ãƒˆã¯çµ‚äº†ã—ã¾ã—ãŸã€‚ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ãƒ–ãƒ©ã‚¦ã‚¶ã«ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰ã—ã¦ãã ã•ã„ã€‚
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions
Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS. The new attack has been g
Jxck 2013/01/30
crime
ãƒªãƒ³ã‚¯
'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions | CIO
'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure) traffic,
Jxck 2013/01/25
crime
ãƒªãƒ³ã‚¯
SSL/SPDYã‚’æ”»æ’ƒã™ã‚‹CRIMEã¯BEASTã®æ£çµ±ãªå¾Œç¶™è€…ã
ã¯ã˜ã‚ã« ä»¥å‰ã®ã‚¨ãƒ³ãƒˆãƒªã§SSLã«å¯¾ã™ã‚‹æ–°ã—ã„æ”»æ’ƒæ‰‹æ³•ã€ŒBEASTã€ã‚’ç´¹ä»‹ã—ã¾ã—ãŸãŒã€ä»Šå›žã¯BEASTã‚’ã•ã‚‰ã«ç™ºå±•ã•ã›ãŸã€ŒCRIMEã€ã¨ã„ã†æ”»æ’ƒã«ã¤ã„ã¦ç°¡å˜ã«ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ä¸€æ¬¡æƒ…å ±æºã¨ã—ã¦ã“ã¡ã‚‰ã®ã‚¹ãƒ©ã‚¤ãƒ‰ï¼ˆè‹±èªžï¼‰ãŒé–²è¦§ã§ãã¾ã™ã®ã§ã€æ™‚é–“ãŒã‚ã‚‹æ–¹ã¯ãœã²ç›®ã‚’é€šã—ã¦ã¿ã¦ãã ã•ã„ã€‚ CRIMEã®æ„å‘³ CRIMEã¯ "Compression Ratio Info-Leak Made Easy" ã‚ã‚‹ã„ã¯ "Compression Ratio Info-Leak Mass Exploitation" ã®é æ–‡å—ã§ã€SSLã‚„SPDYï¼ˆã‚ã‚‹ã„ã¯HTTPãƒœãƒ‡ã‚£éƒ¨ã®gzipåœ§ç¸®ï¼‰ã§ä½¿ã‚ã‚Œã‚‹åœ§ç¸®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«æ³¨ç›®ã—ãŸæ”»æ’ƒæ‰‹æ³•ã§ã™ã€‚ã‚ã¾ã‚ŠçŸ¥ã‚‰ã‚Œã¦ã„ã¾ã›ã‚“ãŒSSLã«ã¯åœ§ç¸®æ©Ÿèƒ½ãŒå˜åœ¨ã—ã¦ãŠã‚Šã€ã‚µãƒ¼ãƒå´ãƒ»ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´åŒæ–¹ãŒåœ§ç¸®æ©Ÿèƒ½ã‚’ONã«ã—ã¦ã„ã‚‹å ´åˆã«ã€ãƒ‡ãƒ¼ã‚¿ãŒåœ§ç¸®ã•ã‚Œã¾ã™ã€‚ BEASTã¨ã®é–¢ä¿‚ CRIMEã¯B
Jxck 2012/11/01
spdy

crime
ãƒªãƒ³ã‚¯
ç ”ç©¶è€…ãŒæ–°ãŸãªTLSï¼SSLã®è„†å¼±æ€§æ”»æ’ƒãƒ„ãƒ¼ãƒ«ç™ºè¡¨ã¸ã€HTTPSã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä¹—ã£å–ã‚Šå¯èƒ½
æ–°æ”»æ’ƒãƒ„ãƒ¼ãƒ«ã®ã€ŒCRIMEã€ã¯ã€åœ§ç¸®ãƒ—ãƒãƒˆã‚³ãƒ«ã€ŒSPDYã€ã®å®Ÿè£…ã«é–¢ã™ã‚‹è„†å¼±æ€§ã‚’çªãã€SSLã§æš—å·åŒ–ã•ã‚ŒãŸHTTPSã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä¹—ã£å–ã‚‹ã“ã¨ãŒã§ãã¦ã—ã¾ã†ã¨ã„ã†ã€‚ ã‚¢ãƒ«ã‚¼ãƒ³ãƒãƒ³ã§9æœˆ19æ—¥ã‹ã‚‰é–‹ã‹ã‚Œã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚«ãƒ³ãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ã€Œekopartyã€ã§ã€2äººã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ç©¶è€…ãŒTLSï¼SSLã‚’æ”»æ’ƒã™ã‚‹æ–°ãƒ„ãƒ¼ãƒ«ã€ŒCRIMEã€ã®ç™ºè¡¨ã‚’äºˆå®šã—ã¦ã„ã‚‹ã€‚ç±³ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æ©Ÿé–¢ã®SANS Internet Storm CenterãŒãƒ–ãƒã‚°ã§ä¼ãˆãŸã€‚ SANSã®13æ—¥ã®ãƒ–ãƒã‚°ã«ã‚ˆã‚‹ã¨ã€åŒãƒ„ãƒ¼ãƒ«ã¯åœ§ç¸®ãƒ—ãƒãƒˆã‚³ãƒ«ã€ŒSPDYã€ã®å®Ÿè£…ã«é–¢ã™ã‚‹è„†å¼±æ€§ã‚’çªãã€SSLã§æš—å·åŒ–ã•ã‚ŒãŸHTTPSã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä¹—ã£å–ã‚‹ã“ã¨ãŒã§ãã¦ã—ã¾ã†ã€‚ã“ã®æ”»æ’ƒã¯ã€Webã‚µã‚¤ãƒˆã¨Webãƒ–ãƒ©ã‚¦ã‚¶ã®ä¸¡æ–¹ãŒSPDYã‚’ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã«ã®ã¿é€šç”¨ã™ã‚‹ã‚ˆã†ã ã¨ã—ã¦ã„ã‚‹ã€‚ SPDYã‚’ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹ã®ã¯ã€ä¸»è¦ãƒ–ãƒ©ã‚¦ã‚¶ã§ã¯Mozillaã®Firefoxã¨Go
Jxck 2012/09/20
spdy

crime
ãƒªãƒ³ã‚¯
1