Displaying 1 result from an estimated 1 matches for "iamdumb".
Did you mean:
amdump
2014 Nov 18
5
can compression be safely used with SSH?
...otcha
So there is not such direct way to extract a secret as it was made
possible in an attack like CRIME, but yet it may theoretically be
possible to get out something useful, or wouldn't it?
So I could be stupid and have a log format in Apache httpd which is like:
<date> myrootpassword=iamdumb <request URI>
Now in the above scenario and attacker that could eavesdrop our log
collector's connections, could also make arbitrary requests to our
company's webserver, thereby change places chosen plaintexts <request
URI> and by the compression deduce the password.
As I'...