BEAST Breaks SSL Confidentiality Model

A tool called BEAST decrypts secret PayPal cookies residing in versions 1.0 and earlier of TLS by attacking the confidentiality model of the protocol. According to the researchers, Thai Duong and Juliano Rizzo, they claim BEAST is: “…the first attack that actually decrypts HTTPS requests.” As opposed to other attacks which targeted the authenticity of the protocol. Continue reading