
[BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections


Postby parityboy » Tue Aug 21, 2018 9:58 pm

VORACLE = CRIME for VPNs

VORACLE is not a new attack per se, but a variation and mix of older cryptographic attacks such as CRIME, TIME, and BREACH.

In those previous attacks, researchers discovered that they could recover data from TLS-encrypted connections if the data was compressed before it was encrypted.

Fixes for those attacks were deployed in 2012 and 2013, respectively, and HTTPS connections have been safe ever since.

But Nafeez discovered that the theoretical points of those attacks were still valid when it came to some type of VPN traffic.

Nafeez says that VPN services/clients that compress HTTP web traffic before encrypting it as part of the VPN connection are still vulnerable to those older attacks.


Source

...and that, ladies and gents, is why HTTPS is so important. :)


Postby Fermi » Tue Aug 21, 2018 11:22 pm

We did study this attack and will take appropriate actions to disable pre-encryption compression.
Twitter and this forum will keep you up to date on the changes we are planning.

/Fermi
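
The length signal that compress-then-encrypt creates, and how it disappears once pre-encryption compression is off, shown as an added example that is not part of the original posts. The cookie value, host name, function names and the XOR stand-in cipher are all constructed assumptions; the stand-in only models a cipher whose ciphertext length tracks its input length.

```python
import os
import zlib

# Constructed sample values, not taken from any real capture.
SECRET_COOKIE = "sessionid=7f3a9c0d4e5b6a1f2c8d"
NON_MATCHING = "sessionid=0b1e2d3c4f5a69788796"  # same length, different value


def tunnel_packet(reflected: str, compress: bool) -> bytes:
    """Build one plain-HTTP request and wrap it as a tunnel would:
    optionally compress, then encrypt."""
    request = (
        f"GET /search?q={reflected} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode()
    payload = zlib.compress(request) if compress else request
    # Stand-in cipher (assumption): XOR with a fresh random keystream.
    # Like a stream or AEAD cipher, it hides content but not length.
    keystream = os.urandom(len(payload))
    return bytes(a ^ b for a, b in zip(payload, keystream))


def length_gap(compress: bool) -> int:
    """Ciphertext length with a non-matching reflected value minus the
    length with a matching one. Non-zero means the packet size alone
    reveals whether the reflected text equals the cookie."""
    return (len(tunnel_packet(NON_MATCHING, compress))
            - len(tunnel_packet(SECRET_COOKIE, compress)))


if __name__ == "__main__":
    for compress in (True, False):
        label = "compression on " if compress else "compression off"
        print(f"{label}: length gap = {length_gap(compress)} bytes")
```

With compression on, the repeated cookie is encoded as a short back-reference, so the matching request produces a shorter ciphertext; with compression off, both requests encrypt to the same length.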


