-
March 23rd, 2010, 08:51 PM
#1
Search Engines Leak?
Google, Yahoo, Microsoft's Bing, and other leading websites are leaking medical histories, family income, search queries, and massive amounts of other sensitive data that can be intercepted even when encrypted, computer scientists revealed in a new research paper.
Researchers from Indiana University and Microsoft itself were able to infer the sensitive data by analyzing the distinct size and other attributes of each exchange between a user and the website she was interacting with. Using man-in-the-middle attacks, they could glean the information even when transactions were encrypted using the Secure Sockets Layer, or SSL, protocol or the WPA, or Wi-fi Protected Access protocol.
Interesting article here:
http://www.theregister.co.uk/2010/03...acks_web_apps/
-
March 24th, 2010, 06:22 AM
#2
The threat is significant because it stems from fundamental characteristics of software-as-a-service applications that have been in vogue for about a decade.
Purdy scary stuff...
Effective and efficient mitigations have to be application-specific: developers will need to identify the vulnerabilities first, and then specify mitigation policies accordingly," the researchers wrote. "This effort requires analysis of web application semantics, information flow and network traffic patterns."
Patterns...I love patterns
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
Similar Threads
-
By scratchONtheBOX in forum Other Tutorials Forum
Replies: 6
Last Post: March 30th, 2005, 04:53 PM
-
By d00dz Attackin in forum Other Tutorials Forum
Replies: 22
Last Post: November 20th, 2004, 10:49 AM
-
By Unleashed in forum Miscellaneous Security Discussions
Replies: 1
Last Post: April 8th, 2002, 01:35 PM
-
By jared_c in forum The Security Tutorials Forum
Replies: 1
Last Post: March 11th, 2002, 02:47 PM
-
By Remote_Access_ in forum Non-Security Archives
Replies: 6
Last Post: November 29th, 2001, 04:56 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|