Attack of the BEAST

IT Security short presentation about the BEAST attack

  1. Attack of the BEAST
       • Stefan, Paul, Vlad
  2. Overview
       • What is the BEAST attack?
       • How BEAST works
       • Taming of the BEAST
       • Video demo
       • Questions
  3. BEAST ATTACK
       • BEAST = Browser Exploit Against SSL/TLS
       • Decrypt HTTPS traffic
       • Based on SSL exploit
           • Based on a 10-year-old flaw
       • Considered a theoretical attack until now
  4. How BEAST works
       • Java applet
       • CSRF
       • Code injection
       • Cookie decryption
  5. Taming of the BEAST
       • Firefox
           • Blocking Java
           • NoScript plug-in
       • Internet Explorer
           • Security Advisory (2588513)
       • Chrome
           • pushed out a fix through a really fast Chrome update
       • Opera
           • Searching for the beast solution to implement their fix
       • Safari
           • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
  6. Video Demo
       • http://www.youtube.com/watch?v=BTqAIDVUvrU
  7. References
       • http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
       • https://idjh.files.wordpress.com/2011/09/beast.png
       • http://nakedsecurity.sophos.com/2011/09/24/secure-web-browsing-cracked-by-beast
       • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
       • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
