menu

Contact Us

1 (800) 723-1166 |

HTTPS

HomeHTTPS
HomeHTTPS

LabTALK Episode 13: Kangaroos, Bicycles & Counting Down

Guest speaker Nicholas Griffin (Sr. Security Researcher) and Carl Leonard (Principal Security Analyst) discuss the malicious email campaign that drops Ursnif, the HTTPS Bicycle attack and look forward to the announcement of our new company name and identity.

HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests

A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real world scenario, and is completely undetectable due to its passive nature.

RC4 NOMORE - Decrypting Cookies In Just 52 Hours

Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have shown that they can exploit weaknesses in the RC4 algorithm in order to decrypt web cookies used to store end-user content when communicating with HTTPS-enabled websites.

RC4 is one of several algorithms used to encrypt content for use with TLS.  RC4 was designed almost 30 years ago and has since been shown to be vulnerable to attack.

[UPDATED 17 July 2015]