[OWASP_PHPSEC] HTTPS Security

Abbas Naderi abiusx at owasp.org
Fri Aug 2 12:51:16 UTC 2013


a new attack has been proposed in BlackHat, regarding HTTPS, which uses oracles:
http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

This further proves my point that HTTPS connections have to be concatenated with random garbage, to prevent many types of attacks.
We need a core library that does this with HTTPS, via a shutdown function.
Thanks
-Abbas

______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130802/57a2b09f/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list