Task #3891
review vulnerability to BREACH attacks
Status: New
Priority: Normal
Assignee:
Category: Authentication, Authorization
Target version: -
Start date: 2013-08-07
Due date:
% Done: 0%
Milestone: None
Product Version: *
Story Points:
Sprint:
Description
Description at: http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
The technique works by exploiting patterns of similarity in compressed HTTPS responses. Turning off gzip compression on the server response avoids the vulnerability at the expense of increased bandwidth.
The goal of this task is to determine which, if any, services provided by DataONE are vulnerable (i.e. provide interesting information) to an attacker.
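The compression effect described above can be measured locally. This is an added example, not code from the ticket or from DataONE: it compares the on-the-wire size of a response body with and without compression. The page template, the `SECRET` value and all function names are constructed for illustration.

```python
import zlib

# Constructed sample page (hypothetical, not a DataONE response): it echoes
# the request parameter q and also embeds a secret in the same body.
SECRET = "token=7f3a9c1e"
TEMPLATE = ("<html><body><p>No results for {q}</p>"
            "<form><input type='hidden' name='csrf' value='{secret}'></form>"
            "</body></html>")


def render(q: str) -> bytes:
    """Build the response body for a given reflected parameter value."""
    return TEMPLATE.format(q=q, secret=SECRET).encode()


def wire_size(body: bytes, compress: bool) -> int:
    """Size of the body as sent: DEFLATE-compressed (as gzip does) or raw."""
    return len(zlib.compress(body, 9)) if compress else len(body)


def length_signal(compress: bool) -> int:
    """Bytes by which the response shrinks when the reflected input equals
    the secret, compared with same-length input that does not. A non-zero
    value means the response size reveals something about the secret."""
    same = render(SECRET)
    other = render("token=QzWmKxJp")  # same length, different value
    assert len(same) == len(other)
    return wire_size(other, compress) - wire_size(same, compress)


if __name__ == "__main__":
    print("signal with compression:   ", length_signal(True), "bytes")
    print("signal without compression:", length_signal(False), "bytes")
```

With compression the signal is positive; with compression off both bodies have the same size, which is the bandwidth-for-safety trade the description mentions.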