If you develop or use web-based products that rely on SSL (which in practice means everyone), you now have a new topic to worry about.
At the Black Hat USA conference in August 2013, researchers demonstrated an exploit, named “BREACH”, that breaches header data in SSL sessions.
They claim they can quickly and easily expose session header data from compressed SSL sessions using a statistics-based algorithm: they inject their own data into the session, then statistically analyze the resulting compressed web server response to infer what the original session header data contained.
This puts at risk any product that includes a web service which repeatedly transmits sensitive data, such as security tokens, cookies and the like, in the session header information.
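As an added illustration (not part of the original post), the Python below models the mechanism described above on a constructed page: when a secret is compressed in the same response as attacker-influenced reflected text, the compressed size reveals which guess extends the secret, and masking the secret with a fresh random value per response removes the stable plaintext that comparison depends on. The token value, field names and page layout are made up for the demonstration.

```python
import os
import zlib

# Constructed example: a page that embeds a per-session secret and also echoes
# an attacker-influenced parameter (a search string) into the same compressed
# response. Token value, field names and layout are made up for the demo.
SECRET = "7f3a9c1e2b"
ALPHABET = "0123456789abcdef"

def render(reflected: str, token: str) -> bytes:
    """Response body in which the secret and the reflected input share one stream."""
    return ('<html><body><form method="post">'
            f'<input type="hidden" name="csrf" value="{token}">'
            f'</form><p>Results for: {reflected}</p></body></html>').encode()

def compressed_size(body: bytes) -> int:
    """Bytes on the wire when the server applies DEFLATE (gzip/deflate encoding)."""
    return len(zlib.compress(body, 9))

def oracle_candidates(known_prefix: str, token: str = SECRET) -> set:
    """Chars that, appended to the known prefix, give the smallest response.
    A correct extension lengthens the LZ77 back-reference, so its compressed
    size is never larger than a wrong guess's; Huffman noise may cause ties
    (the published attack resolves them statistically), but the true char
    is always among the candidates."""
    sizes = {c: compressed_size(render(f'value="{known_prefix}{c}', token))
             for c in ALPHABET}
    best = min(sizes.values())
    return {c for c, n in sizes.items() if n == best}

def render_masked(reflected: str, token: str, mask: bytes = b"") -> bytes:
    """Mitigation: XOR the token with a fresh random mask on every response.
    The raw token never appears in the body and the masked bytes change each
    time, so repeated guesses have no stable string to compare against. The
    field carries mask || (token XOR mask); the server unmasks on receipt."""
    mask = mask or os.urandom(len(token))
    masked = bytes(a ^ b for a, b in zip(token.encode(), mask))
    return render(reflected, (mask + masked).hex())

def unmask(field_hex: str) -> str:
    """Server side: recover the token from a submitted mask || masked field."""
    raw = bytes.fromhex(field_hex)
    mask, masked = raw[:len(raw) // 2], raw[len(raw) // 2:]
    return bytes(a ^ b for a, b in zip(mask, masked)).decode()

if __name__ == "__main__":
    print("candidates for next char:", oracle_candidates("7f3a9c1"))
    print("masked body contains token:", SECRET.encode() in render_masked("q", SECRET))
```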
This seems like a massive issue for the following reasons:
Developers, be warned!
Users, better review your critical web app providers' security awareness and responsiveness…
BREACH cannot steal cookies and cannot decrypt headers — it can only decrypt user-controlled variables.