Infiltrate Security Conference OPEN CFP

TALK PROFILE

FIESTA: an HTTPS side-channel party

Penetration Testing
45

In the past few years, several attacks exploiting side-channel issues in TLS traffic have been launched with the aim of extracting information protected by HTTPS. CRIME, BREACH and TIME are all good examples of such attacks. But they are known, and most Internet sites have introduced countermeasures to protect against them. Unfortunately, HTTPS traffic has other side-channels that could be exploited in a similar way, exposing private information. In this talk, we will talk about FIESTA, a tool specifically created for HTTPS side-channel exploitation. In addition, we will talk about "behavior side-channels", which was found to be pretty useful with widely used Internet services such as Google Contacts, Drive, Dropbox or Facebook.

Back to Open CFP
(0)

Comments

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: