Abbas Naderi abiusx at owasp.org
Fri Aug 2 12:51:16 UTC 2013

a new attack has been proposed in BlackHat, regarding HTTPS, which uses oracles:

This further proves my point that HTTPS connections have to be concatenated with random garbage, to prevent many types of attacks.
We need a core library that does this with HTTPS, via a shutdown function.

Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130802/57a2b09f/attachment.html>

More information about the OWASP_PHP_Security_Project mailing list