HTTPS hackable in 30 seconds: DHS alert


Security experts are warning website operators to test whether their HTTPS traffic is vulnerable to a new crypto attack that can be used to grab sensitive information, InformationWeek reports. The so-called BREACH attack — short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext — was detailed in a Department of Homeland Security (DHS) “BREACH vulnerability in compressed HTTPS” advisory, issued Friday, which warned that “a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream.” All versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable. … Their attack is the latest exploit that demonstrates that so-called secure HTML pages aren’t always fully secure.

Read more

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

IT Campus Leadership

Your source for IT solutions and innovations to support campus-wide success. Weekly on Wednesday.

  • Hidden
  • Hidden
  • Please enter your work email address.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.