On 8 August 2013 02:07, Clark, Robert Graham wrote:
> My understanding of such attacks is that they require a
> point-of-presence within the browser to perform the injection which in
> turn enables the side channel. As clients/users won't be interacting
> with the API using a browser I'm not 100%
uld
not succeed.
> -Original Message-
> From: Robert Collins [mailto:robe...@robertcollins.net]
> Sent: 07 August 2013 10:21
> To: OpenStack Development Mailing List
> Subject: Re: [openstack-dev] [Horizon][Security] BREACH/CRIME Attack
> Information
>
> On 7 August 2013 20:30, Th
On 7 August 2013 20:30, Thierry Carrez wrote:
> Gabriel Hurley wrote:
>> Many of you have probably heard about the "BREACH" attack/security
>> vulnerability in HTTPS traffic that was disclosed recently, and I'd like to
>> take a moment to provide some info about how that affects Horizon. I'm not
Gabriel Hurley wrote:
> Many of you have probably heard about the "BREACH" attack/security
> vulnerability in HTTPS traffic that was disclosed recently, and I'd like to
> take a moment to provide some info about how that affects Horizon. I'm not
> following the official vulnerability management
Many of you have probably heard about the "BREACH" attack/security
vulnerability in HTTPS traffic that was disclosed recently, and I'd like to
take a moment to provide some info about how that affects Horizon. I'm not
following the official vulnerability management process because 1. The
vulner