Ok, did some digging re: my previous tweet. Turns out if an attacker can control part of the cleartext they can guess other parts.
@charliesome yup, they can guess a byte-at-a-time and the ciphertext will be shorter when they guess correctly
@bascule makes sense. Seems like the common advice of disabling SSL compression doesn't completely solve the vuln though.
@charliesome need to disable HTTP (i.e. Content-Encoding) compression
@bascule you could probably take advantage of HTTP response body compression to guess things in the response, like CSRF tokens, right?
@charliesome confirm, anything that appears in the response body (but not headers)