
Identifying browsed pages behind SSL via packet size monitoring

The following article was posted to The Web Security Mailing List earlier today.

"Recently, the world saw The Pirate Bay offering SSL encryption on their server. This means that your ISP won't know anymore which torrent you are downloading, right? Wrong.
HTTPS is quite useless for protecting static and public content. By static, I do mean the .torrent file itself. It is always the same. By public, I do mean that one doesn't need any kind of authentication to pick up the content. It's always the same, for everyone. For crawlers, too.
So, one could easily index (a portion of) The Pirate Bay torrent database by the Content-Length. Then, one could intercept some encrypted traffic between some machine(s) within his/her network and the torrents.thepiratebay.org server. Knowing both (encrypted) request and response lengths, it is possible to get a quite reliable list of matches from the previously indexed torrent list."

Read more of 'The Pirate Bay un-SSL': http://sysd.org/stas/node/220
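As an added example (not from the original post or from sysd.org), the following Python models the index-by-length matching the quoted post describes and shows what server-side padding does to it; the file names, sizes and the fixed TLS overhead are constructed assumptions.

```python
# Added example (not from the original post): models the length side channel
# the quoted post describes, and the padding mitigation a server can apply.
# All file names and sizes below are constructed sample data.
from collections import defaultdict

# Constructed index of static, public files keyed by their exact byte length,
# standing in for the "index by Content-Length" step in the quoted post.
STATIC_FILES = {
    "a.torrent": 14215,
    "b.torrent": 14215,   # deliberate collision: two files of equal size
    "c.torrent": 27311,
    "d.torrent": 27390,
    "e.torrent": 98002,
}

# Assumed fixed per-response overhead (HTTP headers + TLS record framing).
# Real overhead varies with cipher suite and headers; this is a placeholder.
TLS_OVERHEAD = 512

def pad_length(n: int, bucket: int) -> int:
    """Round a response length up to the next multiple of `bucket` bytes."""
    return -(-n // bucket) * bucket

def build_index(files, bucket=1):
    """Map observable on-the-wire length -> names of files producing it."""
    index = defaultdict(list)
    for name, size in files.items():
        wire_len = pad_length(size, bucket) + TLS_OVERHEAD
        index[wire_len].append(name)
    return index

def candidates(observed_len, index):
    """Files a passive observer could match from one observed ciphertext length."""
    return sorted(index.get(observed_len, []))

def worst_case_anonymity(files, bucket=1):
    """Smallest candidate set any file hides in under the given padding bucket.
    A value of 1 means at least one file is uniquely identifiable by length."""
    index = build_index(files, bucket)
    return min(len(v) for v in index.values())

if __name__ == "__main__":
    unpadded = build_index(STATIC_FILES)
    print(candidates(27311 + TLS_OVERHEAD, unpadded))        # ['c.torrent']
    padded = build_index(STATIC_FILES, bucket=4096)          # c and d now collide
    print(candidates(pad_length(27311, 4096) + TLS_OVERHEAD, padded))
    print(worst_case_anonymity(STATIC_FILES, bucket=4096))   # 1: e.torrent still unique
    print(worst_case_anonymity(STATIC_FILES, bucket=98304))  # 5: padded to the largest file
```

Bucket padding only helps when the bucket is coarse enough to merge every file with others; an outlier such as the largest file stays identifiable unless responses are padded to a common maximum.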
