Researchers have found that a traffic analysis of ten HTTPS-secured Web sites yielded “personal data such as medical conditions, legal or financial affairs or sexual orientation”.
Don't worry, the attack isn't trivial, because the attacker:
- Should be able to visit the same Web pages as the target
- Should be able to capture the victim's traffic.
The researchers used traffic analysis covering the Mayo Clinic, Planned Parenthood, Kaiser Permanente, Wells Fargo, Bank of America, Vanguard, the ACLU, Legal Zoom, Netflix and YouTube.
The good news is that this attack can be mitigated with a padding technique they refer to as “Burst padding”.
The link below has more details:
http://www.theregister.co.uk/2014/03/06/even_https_can_leak_your_private_browsing/