BEAST creators develop new SSL attack

Discussion in 'other security issues & news' started by lotuseclat79, Sep 7, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    BEAST creators develop new SSL attack.

    -- Tom
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    How can you protect yourself from CRIME, BEAST’s successor?

    How can you protect yourself from CRIME, BEAST’s successor?.

    The post (above link) discusses an excellent hypothetical way to defend against the attack which prompted various modifications (see comments in linked article above) in several products prior to the actual release of the CRIME attack at a conference later this month in Argentina.

    -- Tom
     
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    SSL/TLS compression exploit disclosed

    (http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914#19914)

     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Here is where I am glad that MS isn't supporting Google's "great" new SPDY protocol as IE is immune to the attack. When it comes to encryption new proposals should be rigorously tested, not rushed out before it's even a standard.

    Still annoyed at the lack of pushing TLS 1.2 though... so depressing that still only IE and Opera support it.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
Loading...
Thread Status:
Not open for further replies.