ZDNet

Advertisers can track users across the Internet via TLS Session Resumption

An academic paper published last month has shed new light on a new user tracking technique that takes advantage of a legitimate mechanism associated with the TLS (Transport Layer Security) protocol ...
PC World

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The ‘CRIME’ attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure ...
Threat Post

New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions

There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers decrypt users’ ...
Ars Technica

Crack in Internet’s foundation of trust allows HTTPS session hijacking

Researchers have identified a security weakness that allows them to hijack web browser sessions even when they’re protected by the HTTPS encryption that banks and e-commerce sites use to prevent ...
CSOonline

Decryption Is Key for Enhanced Security and Monitoring

In Part 1 of my series on Transport Layer Security (TLS) decryption, I went over a few basics of encryption, discussed TLS 1.2, and concluded by outlining the improvements TLS 1.3 provided. In this ...