FYI: http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-for-enc/240157583
From the abstract: " A new side channel vulnerability in HTTPS traffic could make it possible for targeted attackers to dig up secrets like session identifiers, CSRF tokens, OAuth tokens, and ViewState hidden fields without users ever being the wiser, say researchers who will explain how the attack could work at this year's Black Hat. " Unfortunately, I wasn't able to find a lot of details about this attack yet. Maybe some of you has more details. Ciao Hannes
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
