CRIME attack is shown to decrypt HTTPS web sessions

first_img Security researchers Juliano Rizzo and Thai Duong devised a technique that can attack web sessions that are protected by the Secure Sockets Layer and Transport Layer Security protocols, only when they use certain data-compression schemes. These are compression schemes that reduce network congestion or the time it takes for webpages to load. Security experts have noted that a downside of compression is that it leaks clues about encrypted contents. For the attack to work, a computer user’s client and server hosting the targeted website need to support the vulnerable SSL/TLS features. According to reports, Internet Explorer was never vulnerable because it never supported SPDY or the TLS compression scheme known as Deflate. Apple’s Safari browser doesn’t support SPDY, but its use of compression is unknown.Google and Mozilla released patches after the weaknesses were reported by the researchers. A video taken by Rizzo and Duong shows Github.com, Dropbox.com, and Stripe.com, when visited with Chrome, succumbing to the CRIME attack, but those sites had disabled compression and are no longer vulnerable. Mozilla and Google have prepared patches that block the attack. More information: www.ekoparty.org/2012/juliano-rizzo.php This is a short demo of the CRIME attack against TLS protocol. Rizzo and Duong will take their demo of CRIME to the Buenos Aires, Argentina, security conference, Ekoparty, on September 21. Their attack technique no longer works on the most popular browsers to connect to HTTPS-protected websites, but security watchers believe this is a most useful reminder that the science of encrypton protection knows no rest. Their CRIME exploit is the type of attack that would be a large-scale attack by geopolitical antagonists. In turn, security watchers reasons are paying attention to the researchers’ CRIME technique. Citation: CRIME attack is shown to decrypt HTTPS web sessions (2012, September 14) retrieved 18 August 2019 from https://phys.org/news/2012-09-crime-shown-decrypt-https-web.html This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only. © 2012 Phys.org Hackers target British anti-crime agency website Explore further (Phys.org)—The fun of acronyms is reflected in coming up with CRIME, which stands for Compression Ratio Info-leak Made Easy. What it translates into, though, is not much fun. Two security researchers have developed the CRIME attack that can successfully decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. This, in theory, would be a serious weakness that would enable the hijacking of a user’s session cookie while the user is still authenticated to a website. Encryption protocols are the Internet’s fundamental safety cushion, the basic level of trust, in encrypting traffic that flows over open networks. They cryptographically confirm websites are really operated by those sites rather than cyber-criminals and spies. last_img read more

Continue reading

Tea association and unions fail to resolve arrear impasse

first_imgDarjeeling: The recent meeting between the Darjeeling Tea Association and the trade unions failed to resolve the ongoing arrear impasse. In January 2018, the daily wages of tea garden workers had been increased by Rs 17.50. In majority of tea gardens in the Hills, the increment took effect from March 2018.”Though a year has passed, still the arrear has not been paid in around 60 per cent of the tea gardens in the Hills,” said Balam Tamang, president, Darjeeling sub division committee, Darjeeling Terai Dooars Plantation Labour Union, which is affiliated to the Gorkha Janmukti Morcha. There are 87 gardens in the Hills. On March 1, the Darjeeling Terai Dooars Plantation Labour Union had issued an ultimatum to the gardens that if arrears were not paid within March 6, the dispatch of tea would be stopped from March 7. The joint forum of tea trade unions had threatened to stop plucking of leaves, if arrears were not paid by March 10. “Arrears could not be paid to tea workers because of financial paucity. By stopping plucking and dispatches the financial situation would further get compounded which would be detrimental to the interest of the workers and the onus of which would be on the trade unions themselves,” said Sandeep Mukherjee, principal advisor, Darjeeling Tea Association. Also Read – Bose & Gandhi: More similar than apart, says Sugata BoseThe unions have decided to continue the agitation. “The meeting failed because the Darjeeling Tea Association did not agree to pay arrears by March 10. They have not announced a fresh date for a meeting also. We will continue with the protests,” Tamang said. The joint forum has also decided to continue with the agitation. “We will wait till March 10 as declared earlier. If they fail to pay the arrear we will stop plucking tea leaves from March 11,” said Saman Pathak, a member of the joint forum.last_img read more

Continue reading

Travelweeks Myrtle Beach contest winner announced

first_img Friday, August 26, 2016 Share << Previous PostNext Post >> TORONTO — Cathy Fertser of Twin Travel in British Columbia has been named the winner of the Visit Myrtle Beach tic tac toe contest that ran on Travelweek.ca earlier this year. Fertser has won two return airline tickets from Toronto to Myrtle Beach and a four-night stay for two at the Hampton Inn & Suites Oceanfront Resort Myrtle Beach, courtesy of sponsors WestJet and WestJet Vacations. She has also won admission tickets for two to Ripley’s Aquarium, the Sky Wheel and Brookgreen Gardens, theatre tickets for two to the Legends in Concert and The Carolina Opry live entertainment shows, and dinner for two at Tupelo Honey Café.Travelweek would like to thank Visit Myrtle Beach and all the sponsors of the contest. For more information about Myrtle Beach, go to visitmyrtlebeach.com. For more travel agent contests, go to travelweek.ca/contests. Posted bycenter_img Travelweek Group Tags: Contests, Myrtle Beach Travelweek’s Myrtle Beach contest winner announcedlast_img read more

Continue reading

Japanese restaurant served the last meals of death row inmates

first_img<< Previous PostNext Post >> 毎日死刑囚のラストミール(最後の晩餐)を食べている。今日はジェームスポールジェニーガンの。強盗殺人の罪で薬物注射の刑。盗みに入った家の住人がそのタイミングで帰ってきてしまい、突発的に殺害して有罪。死刑にあたり自分の死体を献体する。1800の部位に切り分けられたにんげんレストラン pic.twitter.com/g1JvjyqvpC— 手塚マキ (@smappatekka) October 17, 2018 Thursday, November 1, 2018 Posted by Tags: Creepy, Japan Japanese restaurant served the last meals of death row inmatescenter_img TOKYO — What do you feel like for dinner? Morbid, with a side of Disturbing perhaps?The Ningen Restaurant in Tokyo raised a few eyebrows this month when it launched a pop-up dining experience during which guests ordered dishes inspired by the last meals of Death Row inmates in the U.S.During the two weeks it was open (it closed on Oct. 28 leading up to Halloween), the pop-up offered meals that included broccoli, asparagus, strawberries, tomatoes and hot tea (the last meal of the Florida ‘Black Widow’ in 1998), and a hamburger, baked potato, hard-boiled egg and three shots of Jack Daniels, which were enjoyed by murderer Gary Mark Gilmore prior to his execution.The morbid concept was the brainchild of art collective Chim↑Pom, and also included a gallery of artwork by Yasuyuki Nishio and Mermann Nitsch.And if the idea of eating criminals’ last meals wasn’t spooky enough, Ningen Restaurant (which also means The ‘Human’ Restaurant) was also housed in the Kabukicho Book Center, a squalid place scheduled for demolition this fall.More news:  Help Princess Cruises break the world record for largest vow renewal at seaWith such disturbing details, we bet diners rushed through their meals. Check, please!甘い香りが漂う店内で、巨大なチョコレートの塊を舐め続ける女のコを見ながら、ハンバーガーにかぶりつき、バーボンを嗜んできました。#にんげんレストラン pic.twitter.com/CHzYxA6Zk4— sequi@ya (@se_qui_ay) October 22, 2018 Travelweek Group 「1人で行きづらい店に同行してほしい」という依頼で「にんげんレストラン」へ。1人で行きづらさ溢れる店構え。写真2枚目はお通しのサプリメント。3枚目は店内にいた「おにぎりを解体する人」4枚目はジョン・ゲイシーという死刑囚(ITのモデル)が最後に食べた料理です。28日で閉店するのでお早めに pic.twitter.com/KXe9Y89XPQ— レンタルなんもしない人 (@morimotoshoji) October 25, 2018 Sharelast_img read more

Continue reading