Which client-side attack exploits vulnerabilities in the data compression feature of TLS, SPDY, and HTTPS?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which client-side attack exploits vulnerabilities in the data compression feature of TLS, SPDY, and HTTPS?

Explanation:
This question targets attacks that abuse data compression used with TLS/HTTPS to reveal secret information. The CRIME attack takes advantage of TLS (and SPDY) compression by observing how the size of the compressed ciphertext changes when the attacker influences the plaintext. By injecting known data into requests and monitoring the resulting compressed output, the attacker can infer secret values in the data being sent (such as a session cookie). The compression step creates a side channel: repeated patterns compress more, so guessing parts of the secret affects the overall size in predictable ways, allowing the secret to be recovered bit by bit. The defense is to disable TLS/SPDY compression entirely, since it’s the compression feature itself that enables the leakage. The other options describe different kinds of hijacking or disruption, not leveraging the compression-based leakage that CRIME exploits.

This question targets attacks that abuse data compression used with TLS/HTTPS to reveal secret information. The CRIME attack takes advantage of TLS (and SPDY) compression by observing how the size of the compressed ciphertext changes when the attacker influences the plaintext. By injecting known data into requests and monitoring the resulting compressed output, the attacker can infer secret values in the data being sent (such as a session cookie). The compression step creates a side channel: repeated patterns compress more, so guessing parts of the secret affects the overall size in predictable ways, allowing the secret to be recovered bit by bit. The defense is to disable TLS/SPDY compression entirely, since it’s the compression feature itself that enables the leakage. The other options describe different kinds of hijacking or disruption, not leveraging the compression-based leakage that CRIME exploits.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy