You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Emerging Threats
- The new VORACLE attack can recover HTTP traffic sent via VPNs
The new VORACLE attack can recover HTTP traffic sent via VPNs
The new VORACLE attack can recover HTTP traffic sent via VPNs- August 16, 2018
- |
- Emerging Threats
/https://cystory-images.s3.amazonaws.com/shutterstock_566499325.jpg "The new VORACLE attack can recover HTTP traffic sent via VPNs")
- VORACLE is a variant and combination of old cryptographic attacks.
- VORACLE only works on Open VPN-based VPN services.
Security experts have discovered a new kind of attack called VORACLE. This new attack method could give cybercriminals the ability to recover HTTP traffic sent via encrypted VPN connections. The attack was discovered by security researcher Ahamed Nafeez who explained how VORACLE works at the Def Con hacking conference last week.
The VORACLE attack is not entirely a new attack, but a variation and a combination of old cryptographic attacks like the CRIME, the TIME and the BREACH attacks. Although fixed for the older attacks were released in 2012 and 2013, VPN services that compress HTTP traffic before encrypting it are still susceptible to the older cryptographic attacks.
VORACLE works on Open VPN-based services
According to Nafeez, VORACLE only works on Open VPN-based services. In the event that an attacker has successfully lured a user to an HTTP site, the attacker could then execute malicious code to steal sensitive information, such as session cookies.
"VORACLE allows an attacker to decrypt secrets from HTTP traffic sent through a VPN," Nafeez told Bleeping Computer. "The aim of the attack is to leak interesting secrets. This can be any cookies, pages with sensitive information, etc.”
VORACLE can be blocked
Fortunately, VORACLE attacks can be prevented. VPN services could allow users to change the VPN protocol, which in turn, would allow users to switch to a non-Open VPN protocol.
Another way to avoid VORACLE attacks would be to steer clear of HTTP websites and switch to HTTPS as HTTPS traffic sent via VPNs is unaffected by VORACLE. Users can also switch to using Chromium-based browsers to stay safe from the attack.
Bleeping Computer reported that Nafeez notified the OpenVPN project and other VPN providers about the VORACLE attack. Following Nafeez’s report, the OpenVPN project has decided to issue a more explicit warning about the risks involved with pre-encryption compression.
- + Aware
Get such articles in your inbox
News
-
/https://cystory-images.s3.amazonaws.com/iStock-91715504.jpg)
Previous News Newly updated jRAT comes with tricks to evade parsing, detection and reverse-engineering- August 16, 2018
- |
- Malware and Vulnerabilities
-
/https://cystory-images.s3.amazonaws.com/shutterstock_250329682.jpg)
Next News Hundreds of Instagram users locked out of accounts, recovery emails changed to .ru addresses- August 16, 2018
- |
- Breaches and Incidents
Popular News
/https://cystory-images.s3.amazonaws.com/shutterstock_171257957.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_423598096.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_202780831.jpg)
/https://cystory-images.s3.amazonaws.com/iStock_000083026757_Medium.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_302129432.jpg)
Related News
/https://cyware-ent.s3.amazonaws.com/image_bank/616c_shutterstock_1067393102.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_611472605.jpg)
Categories
Get such articles in your inbox
News
-
Previous News Newly updated jRAT comes with tricks to evade parsing, detection and reverse-engineering
- August 16, 2018
- |
- Malware and Vulnerabilities
-
Next News Hundreds of Instagram users locked out of accounts, recovery emails changed to .ru addresses
- August 16, 2018
- |
- Breaches and Incidents
Popular News
Related News
Categories
