1Likes
LinkBack URL
About LinkBacks
A pair of researchers have unveiled a serious new attack on web browser security.
The researchers used this week's Ekoparty security conference in Buenos Aires to unveil a new tool that attacks TLS and SSL, the cryptographic protocols used to establish secure web connections. The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards. The tool, known as BEAST (Browser Exploit Against SSL/TLS), compromises TLS by exploiting a vulnerability that has been known about for years but which has been treated as a theoretical problem until now.
However, although researchers Thai Duong and Juliano Rizzo have significantly raised the stakes it's probably too early to start hoarding tins of beans and donning our tin foil hats.
Right now the attack can take up to half an hour to execute. Although the researchers have hinted that this can be significantly reduced the fact is that if you have the malicious nature, time and access required to execute this attack then there are probably easier ways to exercise your criminal ambitions.
The danger of BEASTly attacks against TLS has moved a little closer but we probably have enough time to react before it becomes practical.
A good start would be for browser and server vendors to pull their collective fingers out and start supporting versions 1.1 and 1.2 of TLS. Both of them have specific defences against this kind of attack but unfortunately support for them is poor.
Duong and Rizzo tipped off the major browser vendors about their findings months ago but so far the only response appears to have come from the folks at Chrome. A fix for the attack is currently under test in the development version of their browser.
Scary ehh ??. Ok here goes a good article about the attack methodology
. Have a nice time
More & Source
Results 1 to 4 of 4
- The Specialist *
- Join Date
- May 2010
- Location
- KOLKATA
- Posts
- 5,162
- Liked
- 731 times
- Points
- 47,580
Secure web browsing cracked by BEAST !!!
I don't need to know everything, I just need to know where to find it, when I need it.
- I'd rather be fishing!
- Join Date
- Jan 2011
- Location
- Minnesota, USA
- Posts
- 3,155
- Liked
- 1543 times
- Points
- 4,220
Thanks for the heads up Indra. Soemthing else to keep an eye out for, eh?
Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!
- Malware Hunter
- Join Date
- Sep 2009
- Location
- Kolkata, India
- Posts
- 485
- Liked
- 104 times
- Points
- 6,801
I always knew the Beast was unbeatable, however powerful the antivirus engines may be. This in fact proves something else. A pen in the hands of a serial killer is deadlier than a gun in the hands of a normal guy.
- Modern-day Romeo
- Join Date
- Jul 2009
- Location
- Singapore, the "Little Red Dot" on the map
- Posts
- 6,159
- Liked
- 476 times
- Points
- 61,007
I'm sorry but I consider the latter deadlier.
Originally Posted by Bluedot 
Bluedot likes this.They call me the mysterious one...
my motto is...when it's hot, chill baby
Reply With Quote
Originally Posted by Bluedot 
Similar Threads
-
SecurityKISS Tunnel Secure Internet Connection & Anonymous Browsing
By sujay in forum General ForumReplies: 14Last Post: 01-26-2011, 07:46 AM -
Trusteer Adds Free Financial Malware Removal to Rapport Secure Browsing Service
By sujay in forum Spyware/VirusesReplies: 26Last Post: 08-04-2010, 04:41 AM -
Problem with Finjan secure browsing
By takerraj in forum Spyware/VirusesReplies: 6Last Post: 02-17-2009, 03:10 AM
