Researchers from Indiana University and Microsoft were able to analyze the distinct size and other attributes of each exchange between a user and a website interaction. Using man-in-the-middle attacks, they could glean the information even when transactions were encrypted using the SecureSockets Layer, or SSL, protocol or the WPA, or Wi-fi Protected Access Protocol. The NSA released new guidance providing system administrators with the tools to update outdated protocols. Read the full article in this article by The Register.
Source: https://threatpost.com/mitm-attacks-can-help-steal-data-saas-032310/73731/