SlideShare a Scribd company logo

Attack of the BEAST

Stefan Fodor
Stefan Fodor

IT Security short presentation about the BEAST attack

EducationTechnologyEntertainment & Humor
1 of 8
Download to read offline
Attack of the BEAST Stefan, Paul, Vlad
Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
How BEAST works • Java applet • CSRF • Code injection • Cookie decription
Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
Video Demo • http://www.youtube.com/watch?v=BTqAIDVUvrU
References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drivekriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPressSteven Watts
 

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drivekriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPressSteven Watts
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloudAlexey Bokov
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationPeter Moskovits
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web SocketsColdFusionConference
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Securejoomladayhouston
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installationRonan Dunne, CEH, SSCP
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a DummyJerrett Farmer
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionTony Perez
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedMalik Mesellem
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a ServicePatrick Shields
 
Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)ClubHack
 

More Related Content

What's hot

How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloudAlexey Bokov
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationPeter Moskovits
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Securejoomladayhouston
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionTony Perez
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedMalik Mesellem
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a ServicePatrick Shields
 

What's hot (20)

How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloud
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web Communication
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - security
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking Competition
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web Sockets
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Secure
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can use
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a Dummy
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" Version
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees Wanted
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a Service
 

Similar to Attack of the BEAST

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)ClubHack
 
proxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesproxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesinaz2
 
Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Darren Duke
 
WebRTC Overview
WebRTC OverviewWebRTC Overview
WebRTC OverviewArin Sime
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick GalbreathCODE BLUE
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)Peter Lubbers
 
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Baruch Sadogursky
 
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet![edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!Christopher Schmitt
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingColdFusionConference
 
Security in OSS DevOps
Security in OSS DevOpsSecurity in OSS DevOps
Security in OSS DevOpsCheah Eng Soon
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超台灣資料科學年會
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayHeroku
 
Frontend tooling and workflows
Frontend tooling and workflowsFrontend tooling and workflows
Frontend tooling and workflowsDmitry Semigradsky
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014RZasadzinski
 
The Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingThe Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingPatrycja Wegrzynowicz
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsrobertjd
 
Multimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioMultimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioChristian Heilmann
 

Similar to Attack of the BEAST (20)

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)
 
proxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesproxy2: HTTPS pins and needles
proxy2: HTTPS pins and needles
 
Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)
 
WebRTC Overview
WebRTC OverviewWebRTC Overview
WebRTC Overview
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
 
[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
 
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
 
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet![edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Security in OSS DevOps
Security in OSS DevOpsSecurity in OSS DevOps
Security in OSS DevOps
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About Vulnerabilities
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
 
Frontend tooling and workflows
Frontend tooling and workflowsFrontend tooling and workflows
Frontend tooling and workflows
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014
 
The Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingThe Hacker's Guide To Session Hijacking
The Hacker's Guide To Session Hijacking
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Multimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioMultimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audio
 

More from Stefan Fodor

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam StefanStefan Fodor
 
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentCollaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentStefan Fodor
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security projectStefan Fodor
 
It Security Project
It Security ProjectIt Security Project
It Security ProjectStefan Fodor
 
Protocols for Embedded Node
Protocols for Embedded NodeProtocols for Embedded Node
Protocols for Embedded NodeStefan Fodor
 
Lillebaelt Academy - ro
Lillebaelt Academy - roLillebaelt Academy - ro
Lillebaelt Academy - roStefan Fodor
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Stefan Fodor
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software Stefan Fodor
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Stefan Fodor
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet sshStefan Fodor
 

More from Stefan Fodor (20)

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
 
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentCollaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software Development
 
PacMan Rebourn
PacMan RebournPacMan Rebourn
PacMan Rebourn
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security project
 
It Security Project
It Security ProjectIt Security Project
It Security Project
 
Squash that Bug!
Squash that Bug!Squash that Bug!
Squash that Bug!
 
Protocols for Embedded Node
Protocols for Embedded NodeProtocols for Embedded Node
Protocols for Embedded Node
 
Qualys Threads
Qualys ThreadsQualys Threads
Qualys Threads
 
2FLogin
2FLogin2FLogin
2FLogin
 
Lillebaelt Academy - ro
Lillebaelt Academy - roLillebaelt Academy - ro
Lillebaelt Academy - ro
 
Ruby on Rails 3
Ruby on Rails 3Ruby on Rails 3
Ruby on Rails 3
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
 
dry_run_exam
dry_run_examdry_run_exam
dry_run_exam
 
Facebook
FacebookFacebook
Facebook
 
Logs
LogsLogs
Logs
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
 
Network proj 1.1
Network proj 1.1Network proj 1.1
Network proj 1.1
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
 

Recently uploaded

Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
 

Recently uploaded (20)

Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 

Attack of the BEAST

  • 1. Attack of the BEAST Stefan, Paul, Vlad
  • 2. Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
  • 3. BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
  • 4. How BEAST works • Java applet • CSRF • Code injection • Cookie decription
  • 5. Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
  • 7.
  • 8. References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389