Wednesday, August 03, 2016

New hack of https reported: are financial consumers safe (as per "Marathon Man"?)

Dan Goodin of Ars Technica has a disturbing article about a new way to intercept https secure transactions with no need for a “man in the middle”.  The link for the story is here.
The attack involves some intricate programming methods called HEIST, BREACH and CRIME.

A very determined hacker could seem to be able to raid almost any bank account.  Users should regularly monitor all their accounts during normal business hours and be prepared to contact their institutions quickly.

A good question is how this could affect the “https everywhere” debate.

No comments: