ZDNet

Advertisers can track users across the Internet via TLS Session Resumption

An academic paper published last month has shed new light on a new user tracking technique that takes advantage of a legitimate mechanism associated with the TLS (Transport Layer Security) protocol ...
Threat Post

New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions

There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers decrypt users’ ...
Computerworld

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The ‘CRIME’ attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure ...

What the post-quantum shift means for your security strategy

Post-quantum security revolves around staying in the race because when quantum arrives, it won’t send a warning. Those who ...
Tidbits

Google’s Gmail Defaults to Encrypted Sessions

Google has announced that all Gmail sessions are now secured using SSL/TLS by default, rather than as a choice each individual user had to make in configuration settings. The previous default setting ...
Computerwoche Online

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

However, the level of support for TLS or SPDY compression is not very good on the client side, Ristic said. One source of data suggested that 10 percent of clients support TLS compression, he said. In ...