CRIME attack
E737308
CRIME attack is a cryptographic side-channel attack that exploits compression-based information leakage in TLS/SSL to recover sensitive data such as session cookies.
All labels observed (1)
| Label | Occurrences |
|---|---|
| CRIME attack canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T8489782 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: CRIME attack Context triple: [BEAST attack, relatedTo, CRIME attack]
-
A.
Custom House attack
The Custom House attack was a major 1921 operation by the Irish Republican Army in Dublin, where they burned the British administrative headquarters to disrupt colonial governance during the Irish War of Independence.
-
B.
Intrusion
Intrusion is a science fiction novel by Scottish author Ken MacLeod that explores themes of surveillance, personal freedom, and state control in a near-future society.
-
C.
Sky Crime
Sky Crime is a British pay television channel from Sky dedicated to true crime documentaries and series.
-
D.
Only Crime
Only Crime is an American hardcore punk supergroup featuring members from several notable punk bands, including Good Riddance and Bane.
-
E.
Crime Wave
Crime Wave is a 1953 film noir crime drama starring Sterling Hayden as a tough police detective pursuing an ex-convict drawn back into a world of robbery and violence.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: CRIME attack Target entity description: CRIME attack is a cryptographic side-channel attack that exploits compression-based information leakage in TLS/SSL to recover sensitive data such as session cookies.
-
A.
Custom House attack
The Custom House attack was a major 1921 operation by the Irish Republican Army in Dublin, where they burned the British administrative headquarters to disrupt colonial governance during the Irish War of Independence.
-
B.
Intrusion
Intrusion is a science fiction novel by Scottish author Ken MacLeod that explores themes of surveillance, personal freedom, and state control in a near-future society.
-
C.
Sky Crime
Sky Crime is a British pay television channel from Sky dedicated to true crime documentaries and series.
-
D.
Only Crime
Only Crime is an American hardcore punk supergroup featuring members from several notable punk bands, including Good Riddance and Bane.
-
E.
Crime Wave
Crime Wave is a 1953 film noir crime drama starring Sterling Hayden as a tough police detective pursuing an ex-convict drawn back into a world of robbery and violence.
- F. None of above. chosen
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf |
compression-based attack
ⓘ
cryptographic attack ⓘ side-channel attack ⓘ |
| abbreviation | CRIME ⓘ |
| affects |
HTTPS connections using TLS compression
ⓘ
servers with TLS compression enabled ⓘ web browsers supporting TLS compression ⓘ |
| attackType | passive traffic observation with active probing ⓘ |
| attackVector | chosen-plaintext attack ⓘ |
| canRecover |
CSRF tokens
ⓘ
authentication tokens ⓘ session cookies ⓘ |
| category |
transport layer security vulnerability
ⓘ
web security vulnerability ⓘ |
| CVEReference | CVE-2012-4929 ⓘ |
| disclosedAt | Ekoparty Security Conference 2012 NERFINISHED ⓘ |
| disclosureYear | 2012 ⓘ |
| discoveredBy |
Juliano Rizzo
NERFINISHED
ⓘ
Thai Duong NERFINISHED ⓘ |
| environment | encrypted HTTP over TLS ⓘ |
| exploits |
SPDY header compression
ⓘ
TLS-level compression ⓘ compression-based information leakage ⓘ |
| hasFullName | Compression Ratio Info-leak Made Easy NERFINISHED ⓘ |
| impact | confidentiality breach ⓘ |
| influenced |
deprecation of TLS-level compression in modern browsers
ⓘ
security recommendations for TLS configuration ⓘ |
| leaks | information via compressed ciphertext length ⓘ |
| mitigation |
disabling SPDY header compression for sensitive data
ⓘ
disabling TLS compression ⓘ using HTTP-only secure cookies with additional defenses ⓘ |
| notMitigatedBy | using strong ciphers alone ⓘ |
| primaryGoal |
recovery of secret data from encrypted connections
ⓘ
session hijacking ⓘ |
| relatedAttack |
BREACH attack
ⓘ
HEIST attack ⓘ TIME attack ⓘ |
| requires |
ability to inject data into victim’s requests
ⓘ
network attacker capable of intercepting TLS traffic ⓘ |
| status | largely mitigated in modern browsers and servers by disabling compression ⓘ |
| targetsComponent | application-layer secrets embedded in compressed streams ⓘ |
| targetsProtocol |
SPDY
NERFINISHED
ⓘ
SSL NERFINISHED ⓘ TLS NERFINISHED ⓘ |
| usesProperty | correlation between plaintext similarity and compressed size ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: CRIME attack Description of subject: CRIME attack is a cryptographic side-channel attack that exploits compression-based information leakage in TLS/SSL to recover sensitive data such as session cookies.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.