New Crypto-Cracking Tool To Target Databases
"What happens in Web apps is that it is very common for the programmer to send something encrypted to the client/Web browser [and] not to share it with the client, just to store it for some time like cookies, [which] is a perfect scenario to implement what is called 'chosen cipher text attacks,' where the cipher text is modified and [sent] again to the Web application," says Juliano Rizzo, who together with Thai Duong developed Poet. "Poet should help to show that is not easy to implement cryptography correctly, [and] attacks that could look theoretical are very practical and dangerous."
The link for this article located at Dark Reading is no longer available.