CHAPTER 1

image

Introduction to Security

Scenario 1: A post on http://threatpost.com, Threatpost, the Kaspersky Lab Security News Service, dated August 5th, 2013 with the title “BREACH Compression Attack Steals HTTPS Secrets in Under 30 Seconds” by Michael Mimoso, states1:

“A serious attack against ciphertext secrets, buried inside HTTPS responses, has prompted an advisory from Homeland Security.

The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an ...

Get The InfoSec Handbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.