menu

Contact Us

1 (800) 723-1166 |

bicycle

Homebicycle
Homebicycle

LabTALK Episode 13: Kangaroos, Bicycles & Counting Down

Guest speaker Nicholas Griffin (Sr. Security Researcher) and Carl Leonard (Principal Security Analyst) discuss the malicious email campaign that drops Ursnif, the HTTPS Bicycle attack and look forward to the announcement of our new company name and identity.

HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests

A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real world scenario, and is completely undetectable due to its passive nature.