@bascule What’s the state of the art in remote timing attacks against memcmp btw, any advances on @rootlabs work http://rdist.root.org/2010/11/09/blackhat-2010-video-on-remote-timing-attacks/ … ?
There's a simple and foolproof way to mitigate BREACH, btw: disable response compression
-
New conversation
-
-
-
@bascule should that be done at the http server level or the app level? Both? -
@martinisoft when you have it right, the Content-Encoding will be identity (or absent from the response)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.