Important for developers, and great for brainstorming solution ideas.
Includes hacking examples and explanations as well as remediation techniques.
Check out this comprehensive OAuth Vulnerabilities Checklist here:
The claim is that the researchers can quickly and easily expose session header data from compressed SSL sessions using a statistics-based algorithm. They inject their own data into the session, then statistically analyze the size of the resulting compressed web server response to infer what the original session header data contained.
This puts at risk any product that includes a web service which repeatedly communicates sensitive data, such as security tokens, cookie values and similar, in the session header information.
This looks like a massive issue for these reasons:
Most web servers compress responses to avoid a major performance hit
Many developers have assumed they can safely repeat session security information in response headers, relying on SSL to hide it
The researchers will disclose the exploit code to the public
No workaround is expected in the near future, other than a deep developer review and correction of how session header data is transmitted
Developers, be warned!
Users, better review your critical web app providers' security awareness and responsiveness…
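The following is an added illustration of the mechanism the post describes and of the remediation it alludes to; it is not code from the post, the researchers, or any product. The token, page template and guesses are constructed values, and the helper names (compressed_length, length_signal, mask_token, unmask_token) are this example's own. It shows that when a secret and attacker-influenced text share one compressed response, the compressed size alone reveals whether a guess matches the secret, and that masking the secret with a fresh random value on every response (a per-response one-time pad, a known mitigation) removes the repeated bytes that compression would otherwise match against.

```python
import os
import zlib

# Constructed sample values: a made-up anti-CSRF token and a page template in
# which attacker-controllable text (a search query) is reflected next to the
# secret. Neither comes from a real application.
SECRET_TOKEN = "A7F3K9Q2M4ZPW8RT"
PAGE_TEMPLATE = (
    "<html><head><title>Account search</title></head><body>"
    '<form method="post" action="/search">'
    '<input type="hidden" name="csrf" value="{token}">'
    '<input type="text" name="q"><button>Search</button></form>'
    "<p>Search results for: {query}</p>"
    "<p>No matching records were found for this account.</p>"
    "</body></html>"
)


def compressed_length(token: str, query: str) -> int:
    """Size of the DEFLATE-compressed response body. This size is visible on
    the wire even though SSL/TLS encrypts the content."""
    body = PAGE_TEMPLATE.format(token=token, query=query).encode()
    return len(zlib.compress(body, 9))


def length_signal(token: str, guess: str) -> int:
    """Compressed size when the reflected query repeats the token's markup with
    a guessed value. A smaller size means DEFLATE found a longer back-reference
    into the real token: this is the leak the post describes, and a defender
    can use the same measurement to confirm whether a page is exposed."""
    return compressed_length(token, f'name="csrf" value="{guess}"')


def mask_token(token: str) -> str:
    """Per-response masking: XOR the token with a fresh random mask and emit
    mask||masked as hex. The bytes on the page differ on every response, so
    repeated compressed responses share no constant secret to match against."""
    raw = token.encode()
    mask = os.urandom(len(raw))
    masked = bytes(a ^ b for a, b in zip(raw, mask))
    return (mask + masked).hex()


def unmask_token(masked_hex: str) -> str:
    """Server-side reversal: split the mask off the front and XOR it back out."""
    data = bytes.fromhex(masked_hex)
    half = len(data) // 2
    mask, masked = data[:half], data[half:]
    return bytes(a ^ b for a, b in zip(mask, masked)).decode()


if __name__ == "__main__":
    right = length_signal(SECRET_TOKEN, SECRET_TOKEN[:8])
    wrong = length_signal(SECRET_TOKEN, "Q9B6H2L5")
    print(f"correct prefix -> {right} bytes, wrong prefix -> {wrong} bytes")
    first, second = mask_token(SECRET_TOKEN), mask_token(SECRET_TOKEN)
    print("masked values differ:", first != second)
    print("both unmask to the token:", unmask_token(first) == unmask_token(second) == SECRET_TOKEN)
```

The complementary defences are the ones the post hints at in its "developers review" remark: keep secrets out of responses that also reflect user-controlled input, or disable compression for those responses, and rotate or mask any token that must be repeated.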
Note that both Backtrack and Kali Linux contain great tools such as Nessus and Metasploit, set up for “labor-intensive” use. If you want them to do the work for you automatically, across many systems, through a workflow that will save you a LOT of time, you’ll have to pay for the “Professional” variants of those tools.