Attack of the BEAST
Uploaded by stefan-fodor
Stefan, Paul, Vlad
Overview
• What is the BEAST attack?
• How BEAST works
• Taming of the BEAST
• Video demo
• Questions
BEAST ATTACK
• BEAST = Browser Exploit Against SSL/TLS
• Decrypt HTTPS traffic
• Based on SSL exploit
• Based on a 10-year-old flaw
• Considered a theoretical attack until now
How BEAST works
• Java applet
• CSRF
• Code injection
• Cookie decryption
Taming of the BEAST
• Firefox
  • Blocking Java
  • NoScript plug-in
• Internet Explorer
  • Security Advisory (2588513)
• Chrome
  • Pushed out a fix through a really fast Chrome update
• Opera
  • Searching for the beast solution to implement their fix
• Safari
  • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser