Ars Technica

Many ways to break SSL with CRIME attacks, experts warn

Security professionals are recommending that operators of websites offering the secure hypertext transfer protocol (HTTPS) disable a bandwidth-saving compression feature to prevent a recently ...
Computerworld

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The ‘CRIME’ attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure ...