The HEIST technique—short for HTTP Encrypted Information can be Stolen Through TCP-Windows—works by exploiting the way HTTPS responses are delivered over the transmission control protocol, one of the Internet's most basic building blocks.
source: [arstechnica.com...]
Once attackers know the size of an encrypted response, they are free to use one of two previously devised exploits to ferret out the plaintext contained inside.
I am using Brotli, without fallback to GZ, but I bet that one day, someone, somewhere, will find a breach in Brotli too.

Doesn't say that the hack is limited to GZIP. I think GZIP was mentioned in the first article because it is common to most sites using file compression.
Both the BREACH and the CRIME exploits are able to decrypt payloads by manipulating the file compression that sites use to make pages load more quickly.
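An added illustration, not part of the thread or the quoted article: why a response's compressed size depends on whether reflected request text equals a secret on the same page, and how per-response masking of the secret removes that dependence. Brotli is not in the Python standard library, so LZMA stands in as a second LZ77-family compressor beside DEFLATE. The page layout, token value and `mask`/`unmask` helpers are assumptions made for this example.

```python
import lzma
import secrets
import zlib

TOKEN = "9f8a7b6c5d4e3f2a"               # constructed secret, not a real value
SAME = "csrf_token=" + TOKEN              # reflected input equal to the secret
OTHER = "csrf_token=1b3d5f7a9c2e4068"     # same length, shares no run with TOKEN


def mask(token: str) -> str:
    """Per-response masking: fresh pad || (pad XOR token), hex encoded."""
    raw = bytes.fromhex(token)
    pad = secrets.token_bytes(len(raw))
    return (pad + bytes(p ^ t for p, t in zip(pad, raw))).hex()


def unmask(masked: str) -> str:
    """Server-side inverse of mask(), used when validating a submitted token."""
    raw = bytes.fromhex(masked)
    pad, body = raw[: len(raw) // 2], raw[len(raw) // 2:]
    return bytes(p ^ b for p, b in zip(pad, body)).hex()


def render(reflected: str, masked: bool = False) -> bytes:
    """Hypothetical page that echoes request input next to the secret."""
    value = mask(TOKEN) if masked else TOKEN
    return (
        f"<html><body><p>You searched for: {reflected}</p>"
        f"<a href='/logout?csrf_token={value}'>Log out</a></body></html>"
    ).encode()


def sizes(compress, masked: bool = False) -> tuple[int, int]:
    """Compressed length when reflected text equals / differs from the secret."""
    return len(compress(render(SAME, masked))), len(compress(render(OTHER, masked)))


if __name__ == "__main__":
    # Plaintext lengths are identical; only the compressed lengths diverge.
    for name, fn in (("deflate", zlib.compress), ("lzma", lzma.compress)):
        print(name, "unmasked:", sizes(fn), "masked:", sizes(fn, masked=True))
```

With masking, the bytes sent for the secret change on every response, so the size of the response no longer reflects whether the reflected text equals the real token.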