All articles| All Pictures| All Softwares| All Video| Go home page| Write articles| Upload pictures
Reading number is top 10 articles
China’s first “most promising female scientists in the world“: not xueba,
小学生诗歌走红:放下手机,抱抱我吧! - 小学生,智能手机
无漫游费:北京电信京津冀畅游包正式上线 - 京津冀取消漫游,漫游费,长途费
Siemens after-sale repair 300 to change the motherboard, people spend 5 cents to change the fuse to get,
Microsoft also will sell advertising to launch United Kingdom Internet video services,
LOL show anchorwoman staged suicide: emergency bed after broadcast,
82岁老人要在楼顶建光伏电站:物业不批 - 发电站
Pies are falling from the sky? IBM quantum computer free,
乘客订单最后才派给出租车?滴滴辟谣称已报警 - 滴滴出行
联发科:除了骁龙810,高通处理器都没我们好 - 骁龙820,Helio X20,联发科,高通
Reading number is top 10 pictures
The little girl with long hair2
Park waits to have her picture taken exposed
Compared GDP and per capita income in China for 40 years
有种屌丝级别的好妹子
A man's favorite things6
你的钱干净吗?
看到这名字我也是醉了。。。。。。
29 the belle stars after bath figure3
The wise woman of chest1
粉红蕾丝的美女
Download software ranking
matrix3
Tram sex maniac 2 (H) rar bag16
I'm come from Beijing1
Sora aoi's film--cangkong_Blue.Sky
Twenty piece of palm leaf
asp.net技术内幕
Tram sex maniac 2 (H) rar bag2
Boxer Classic video1
Eclipse 4.2.1 For Win32
Boxer's Top ten classic battle6
published in(发表于) 2016/8/6 9:49:36 Edit(编辑)
Hacker innovation: “man in the Middle“ attack obsolete, bypass attack appeared,
Hacker innovation: “man in the Middle“ attack obsolete, bypass attack appeared,(黑客创新:“中间人”攻击已过时,旁路攻击现身,)

English

中文

Hacker innovation: "man in the Middle" attack obsolete, bypass attacks appeared-hacker, network security-IT information

IT information for SSL/TLS "man in the Middle" attacks are not uncommon, but security experts and to find a new way, and that is "no road", bypassing combination attack. It does not require an intermediary to sniff the traffic, disable third-party cookies to ease the threat of attack.

Traditional intermediaries for an attacker to sniff or control flow, which is one of the preconditions for this type of attack. In this year's "Black Hat (Black Hat)" Security Conference two security researchers come up with combinations of a new way to bypass, you do not need intermediaries to sniff traffic. This technique is known as the HEIST:HTTP of the Encrypted Information can be Stolen through TCP-windows, across the response packet that can be transmitted over the TCP layer size and lack of SSL/TLS message length to hide weaknesses, to deduce the information contained in the encrypted response. Researchers using this method can decrypt and encrypt e-mail addresses contained in the response, sensitive information such as social security account.

Two researchers in the public before publishing its report to the Google and Microsoft disclosed the findings in advance, their attacks are malicious ads displayed on this website by a third party to achieve. The researchers said, the only way to ease the disabling third-party cookies, most browsers accept third-party cookies by default, so users should guard against in time.


黑客创新:“中间人”攻击已过时,旁路攻击现身 - 黑客,网络安全 - IT资讯

IT资讯讯 针对SSL/TLS的“中间人”攻击并不少见,然而现在安全专家又研究出新的攻击方式,那就是“不走中路”,进行旁路组合攻击。这种方式并不需要中间人去嗅探流量,禁用第三方cookies能缓解这种攻击的威胁。

传统中间人攻击者能够嗅探或操控流量,这也是此类攻击的先决条件之一。在今年的“黑帽(Black Hat)”安全会议上,两位安全研究员拿出了新的组合旁路攻击的方法,不需要中间人去嗅探流量。这种攻击技术被称为《HEIST: HTTP Encrypted Information can be Stolen through TCP-windows》,可利用通过TCP层传输的跨越响应包大小和SSL/TLS缺乏明文信息长度隐藏能力的弱点,去推断出加密响应中包含的信息。研究人员利用这种方法可以解密和加密响应中包含的电子邮件地址、社会安全账户等敏感信息。

两名研究员在公开发表报告前已经向谷歌微软提前披露了这一发现,他们的攻击方式是通过在网站上展示第三方恶意广告来实现的。研究人员称,目前唯一缓和攻击的方法是禁用第三方cookies,而目前大部分浏览器都默认接受第三方cookies,所以相关用户还应该及时做好防范。
添加到del.icio.us 添加到新浪ViVi 添加到百度搜藏 添加到POCO网摘 添加到天天网摘365Key 添加到和讯网摘 添加到天极网摘 添加到黑米书签 添加到QQ书签 添加到雅虎收藏 添加到奇客发现 diigo it 添加到饭否 添加到飞豆订阅 添加到抓虾收藏 添加到鲜果订阅 digg it 貼到funP 添加到有道阅读 Live Favorites 添加到Newsvine 打印本页 用Email发送本页 在Facebook上分享
Disclaimer Privacy Policy About us Site Map
If you have any requirements, please contact webmaster。(如果有什么要求,请联系站长)
Copyright ©2011-
uuhomepage.com, Inc. All rights reserved.