HTTPS Has Been BREACHed

5 August 2013Technology

Dan Goodin reporting for Ars Technica:

As Ars reported Thursday, an exploit dubbed BREACH—short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext—can decode e-mail addresses, certain types of security tokens, and other secrets from encrypted webpages, often in as little as 30 seconds.

I guess the ‘S’ in HTTPS doesn’t stand for secure anymore.