Security weakness allows HTTPS session hijacking

[Mousey]

You do not have permission to view link Log in or register now.

Researchers have identified a security weakness that allows them hijack web browser sessions even when they're protected by the HTTPS encryption that banks and ecommerce sites use to prevent snooping on sensitive transactions.

The technique exploits web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols when they use one of two data-compression schemes designed to reduce network congestion or the time it takes for webpages to load. Short for Compression Ratio Info-leak Made Easy, CRIME works only.....

 

[conker]

Oh great, that pretty much means anything can be hacked. Thanks for the heads-up Mousey.

 

[chayton]

Huh...it does say IE, Firefox and Chrome are 'believed to be' immune, so most computer users should be ok. It's all the people who use smart phones and other devices that would be most at risk. Although it's not really safe to be too complacent.