BEAST Breaks SSL Confidentiality Model

A tool called BEAST decrypts secret PayPal cookies protected by versions 1.0 and earlier of TLS by attacking the confidentiality model of the protocol. The researchers, Thai Duong and Juliano Rizzo, claim BEAST is “…the first attack that actually decrypts HTTPS requests,” as opposed to other attacks, which targeted the authenticity of the protocol. While versions 1.1 and 1.2 of TLS aren’t affected, they remain unsupported by browsers and most sites, so almost every website remains vulnerable to the eavesdropping attack. The researchers will demo the BEAST proof of concept at the Ekoparty security conference in Buenos Aires later this week. Will this be the eye-opener that finally brings TLS 1.1 and 1.2 support?

