web analytics

Warning: Malware, rogue users can spy on some apps’ HTTPS crypto – by whipping them with a CAT o’ ni

Malicious code can spy on OpenSSL, Apple CoreTLS, etc

 
By Thomas Claburn  1 Dec 2018
 

 

Crypto boffins have found a way to exploit side-channel information to downgrade most of the current TLS implementations, thanks to ongoing support for outmoded RSA key exchanges.

 

In a paper published on Friday, “The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations,” co-authors Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom describe an updated version of an attack, first outlined by Swiss cryptographer Daniel Bleichenbacher two decades ago.

 

Full Article.






Take a look at the best antivirus, anti-malware, anti-spy, etc. software