Secure web browsing cracked by BEAST

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Sophos said:
A pair of researchers have unveiled a serious new attack on web browser security.

The researchers used this week's Ekoparty security conference in Buenos Aires to unveil a new tool that attacks TLS and SSL, the cryptographic protocols used to establish secure web connections.

The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.

The tool, known as BEAST (Browser Exploit Against SSL/TLS), compromises TLS by exploiting a vulnerability that has been known about for years but which has been treated as a theoretical problem until now.

However, although researchers Thai Duong and Juliano Rizzo have significantly raised the stakes it's probably too early to start hoarding tins of beans and donning our tin foil hats.

Right now the attack can take up to half an hour to execute. Although the researchers have hinted that this can be significantly reduced the fact is that if you have the malicious nature, time and access required to execute this attack then there are probably easier ways to exercise your criminal ambitions.

Even when governments attack weapons manufacturers, they don't need to get any more high-tech then basic con tricks like spear-phishing.

The danger of BEASTly attacks against TLS has moved a little closer but we probably have enough time to react before it becomes practical.

Read more
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top