The presentation discusses the vulnerability of TLS and VPNs to compression oracle attacks, with a focus on OpenVPN. The speaker explores the use of compression in VPNs and the potential for bi-directional compression on requests and responses. The presentation also highlights the need for continued research and improvement in TLS and VPN security.
- TLS and VPNs are vulnerable to compression oracle attacks
- OpenVPN uses bi-directional compression on requests and responses
- Continued research and improvement in TLS and VPN security is necessary
The speaker discusses the famous 'crime' attack on TLS compression, which led to the death of TLS compression. They also mention the 'breach' attack, which was able to leak CSRF tokens of real-world web applications. The presentation emphasizes the need for improved security measures in VPNs to prevent similar attacks.