BEAST Breaks SSL Confidentiality Model

A tool called BEAST decrypts secret PayPal cookies protected by versions 1.0 and earlier of TLS by attacking the confidentiality model of the protocol. According to the researchers, Thai Duong and Juliano Rizzo, BEAST is “…the first attack that actually decrypts HTTPS requests,” as opposed to other attacks, which targeted the authenticity of the protocol. While versions 1.1 and 1.2 of TLS aren’t affected, they remain unsupported by browsers and most sites, so almost every website remains vulnerable to the eavesdropping attack. Duong and Rizzo will demo the BEAST proof of concept at the Ekoparty security conference in Buenos Aires later this week. Will this be the eye-opener that finally brings TLS 1.1 and 1.2 support?
