Secure web browsing cracked by BEAST

In Tech, World News on September 25, 2011 at 12:53 pm

By Mark Stockley

A pair of researchers have unveiled a serious new attack on web browser security.

The researchers used this week’s Ekoparty security conference in Buenos Aires to unveil a new tool that attacks TLS and SSL, the cryptographic protocols used to establish secure web connections.

The ability to crack encrypted web traffic removes the safety net that protects you when you’re doing sensitive online tasks like banking or using credit cards.

The tool, known as BEAST (Browser Exploit Against SSL/TLS), compromises TLS by exploiting a vulnerability that has been known about for years but which has been treated as a theoretical problem until now.

However, although researchers Thai Duong and Juliano Rizzo have significantly raised the stakes, it’s probably too early to start hoarding tins of beans and donning our tin foil hats.

Right now the attack can take up to half an hour to execute. Although the researchers have hinted that this can be significantly reduced, the fact is that if you have the malicious nature, time and access required to execute this attack, then there are probably easier ways to exercise your criminal ambitions.

Even when governments attack weapons manufacturers, they don’t need to get any more high-tech than basic con tricks like spear-phishing.

The danger of BEASTly attacks against TLS has moved a little closer but we probably have enough time to react before it becomes practical.

A good start would be for browser and server vendors to pull their collective fingers out and start supporting versions 1.1 and 1.2 of TLS. Both of them have specific defences against…
