Is there anyway to disable compression for SSL/TLS on the phone's browser (com.android.browser)? The browser does not appear to offer the choice. Browsing the source code has not turned up any useful settings (http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android-apps/4.0.1_r1/com/android/browser/). There's no telling when my carrier or oem will patch this.
http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/ For those who haven’t been following Juliano Rizzo and Thai Duong, two researchers who developed the BEAST attack against TLS 1.0/SSL 3.0 in September 2011, they have developed another attack they plan to publish at the Ekoparty conference in Argentina later this month – this time giving them the ability to hijack HTTPS sessions – and this has started people worrying again. ... -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
