Attack of the BEAST

8
Attack of the BEAST Stefan, Paul, Vlad

description

IT Security short presentation about the BEAST attack

Transcript of Attack of the BEAST

Page 1: Attack of the BEAST

Attack of the BEAST

Stefan, Paul, Vlad

Page 2: Attack of the BEAST

Overview

• What is beast attack?

• How BEAST works

• Taming of the BEAST

• Video demo

• Questions

Page 3: Attack of the BEAST

BEAST ATTACK

• BEAST = Browser Exploit Against SSL/TSL

• Decrypt HTTPS traffic

• Based on SSL exploit

• 10 years old flow based

• Considered theoretical attack until now

Page 4: Attack of the BEAST

How BEAST works

• Java applet

• CSRF

• Code injection

• Cookie decription

Page 5: Attack of the BEAST

Taming of the BEAST

• Firefox • Blocking Java • NoScript plug-in

• Internet Explorer

• Security Advisory (2588513)

• Chrome • pushed out a fix through a really fast chrome update

• Opera

• Searching for the beast solution to implement their fix

• Safari • Apple representatives did not respond to e-mail or telephone

requests for comment about the Safari browser

http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
Page 6: Attack of the BEAST

Video Demo

• http://www.youtube.com/watch?v=BTqAIDVUvrU

http://www.youtube.com/watch?v=BTqAIDVUvrU
Page 7: Attack of the BEAST
Page 8: Attack of the BEAST

References

• http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/

• https://idjh.files.wordpress.com/2011/09/beast.png

• http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/

• http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast

• https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
https://idjh.files.wordpress.com/2011/09/beast.png
https://idjh.files.wordpress.com/2011/09/beast.png
https://idjh.files.wordpress.com/2011/09/beast.png
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

IS ISLAM THE BEAST OF REVELATION? - Amazon …wisdomintorah.s3.amazonaws.com/medialibrary/Is-Islam-the-Beast-of... · IS ISLAM THE BEAST OF ... lamp always before Me in Jerusalem,

IS ISLAM THE BEAST OF REVELATION? - Amazon …wisdomintorah.s3.amazonaws.com/medialibrary/Is-Islam-the-Beast-of... · IS ISLAM THE BEAST OF ... lamp always before Me in Jerusalem,

beast of burden.pdf

beast of burden.pdf

PATTERN BEAST man - REAL BEAST man

PATTERN BEAST man - REAL BEAST man

150 Beast BEAUTY AND 'ts-53 THE BEAST (BELLE) …actingouttheatreco.org/wp-content/uploads/Beast-Call...150 Beast BEAUTY AND 'ts-53 THE BEAST (BELLE) Ther THERE 30 Allegretto 31 swreet

150 Beast BEAUTY AND 'ts-53 THE BEAST (BELLE) …actingouttheatreco.org/wp-content/uploads/Beast-Call...150 Beast BEAUTY AND 'ts-53 THE BEAST (BELLE) Ther THERE 30 Allegretto 31 swreet

*BEAST in BEAST 2.4 - Taming the BEAST · 2*BEAST analysis This tutorial will guide you through the analysis of three loci sampled from 26 individuals representing ... BEAST v2.4.2,

*BEAST in BEAST 2.4 - Taming the BEAST · 2*BEAST analysis This tutorial will guide you through the analysis of three loci sampled from 26 individuals representing ... BEAST v2.4.2,

Body Beast the Book of Beast

Body Beast the Book of Beast

Islam The Beast Of Revelation

Islam The Beast Of Revelation

Positively Diesel...Where Strength & Positivity Collide ...€¦ · TOTAL BODY mins BEAST ABS Beast BEAST CARDIO BEAST ABS la TUESDÀY BULK CHEST BUILD LEGS Beast 238 mins BUILD CHEST

Positively Diesel...Where Strength & Positivity Collide ...€¦ · TOTAL BODY mins BEAST ABS Beast BEAST CARDIO BEAST ABS la TUESDÀY BULK CHEST BUILD LEGS Beast 238 mins BUILD CHEST

Beast of the East 2019 Beast of the East - Wrestling USA of the East... · 2019. 11. 7. · Beast of the East 2019 Beast of the East December 21st and 22nd, 2019 Online Application

Beast of the East 2019 Beast of the East - Wrestling USA of the East... · 2019. 11. 7. · Beast of the East 2019 Beast of the East December 21st and 22nd, 2019 Online Application

Romancing the Plot: The Real Beast of Disney's Beauty and the Beast

Romancing the Plot: The Real Beast of Disney's Beauty and the Beast

Teens Upload Brutal Video of Sleepover Attack - The Daily Beast

Teens Upload Brutal Video of Sleepover Attack - The Daily Beast

The Book of Beast

The Book of Beast

The Beast Of The Dragon

The Beast Of The Dragon

BEAST 54ZB and 62ZB Mower FEB2014-MS Publisher · Rev: AUG2014 Z-Beast Finish Mower Z-BEAST About the BEAST Mower Manual Congratulations on the purchase of your new BEAST commercial

BEAST 54ZB and 62ZB Mower FEB2014-MS Publisher · Rev: AUG2014 Z-Beast Finish Mower Z-BEAST About the BEAST Mower Manual Congratulations on the purchase of your new BEAST commercial

The Beast of Revelation

The Beast of Revelation

Mark of the Beast

Mark of the Beast

Return of the Beast

Return of the Beast

Marke of the Beast

Marke of the Beast

REVELATION SEMINAR #19 The mark of the beast. THE BEAST OF REVELATION 13 THE BEAST OF REVELATION 13.

REVELATION SEMINAR #19 The mark of the beast. THE BEAST OF REVELATION 13 THE BEAST OF REVELATION 13.

Beast of Revelation

Beast of Revelation