Archives

HTTP Cookie Hijacking in the Wild: Security and Privacy Implications

September 7, 2016 By In Network Security No Comments

The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access […]

Read More

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

September 7, 2016 By In Network Security No Comments

Over the last few years, a worryingly number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defenders perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set […]

Read More

Recent Posts

Recent Comments

    Archives

    Categories

    Meta