Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in requests as a side channel to gather information that enables them to decrypt the requests and extract users cookies. The attack works against both the TLS layer and the application layer and many major browsers, including Chrome and Firefox, are vulnerable to the attack. This video shows one of their exploits in action. Click through the video below to watch the video.
Source: https://threatpost.com/demo-crime-tls-attack-091212/77005/