SlideShare a Scribd company logo

Attack of the BEAST

Stefan Fodor
Stefan Fodor

IT Security short presentation about the BEAST attack

EducationTechnologyEntertainment & Humor
1 of 8
Download to read offline
Attack of the BEAST Stefan, Paul, Vlad
Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
How BEAST works • Java applet • CSRF • Code injection • Cookie decription
Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
Video Demo • http://www.youtube.com/watch?v=BTqAIDVUvrU
References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte Secure
Michele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drive
kriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
SiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
SiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
SiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPress
Steven Watts
 

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte Secure
Michele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drive
kriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
SiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
SiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
SiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPress
Steven Watts
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
Primary Image Ltd
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
Joe McCray
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloud
Alexey Bokov
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web Communication
Peter Moskovits
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - security
Wilco Jansen
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking Competition
Joe McCray
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web Sockets
ColdFusionConference
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Secure
joomladayhouston
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can use
Jerrett Farmer
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
Joe McCray
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
Ronan Dunne, CEH, SSCP
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
Joe McCray
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a Dummy
Jerrett Farmer
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019
stk_jj
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
Joe McCray
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
Vladimír Smitka
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" Version
Tony Perez
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees Wanted
Malik Mesellem
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a Service
Patrick Shields
 
Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013
Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)
ClubHack
 

More Related Content

What's hot

Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
Joe McCray
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
Joe McCray
 

What's hot (20)

How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloud
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web Communication
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - security
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking Competition
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web Sockets
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Secure
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can use
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a Dummy
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" Version
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees Wanted
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a Service
 

Similar to Attack of the BEAST

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013
Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)
ClubHack
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
CODE BLUE
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Heroku
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014
RZasadzinski
 

Similar to Attack of the BEAST (20)

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)
 
proxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesproxy2: HTTPS pins and needles
proxy2: HTTPS pins and needles
 
Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)
 
WebRTC Overview
WebRTC OverviewWebRTC Overview
WebRTC Overview
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
 
[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
 
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
 
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet![edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Security in OSS DevOps
Security in OSS DevOpsSecurity in OSS DevOps
Security in OSS DevOps
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About Vulnerabilities
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
 
Frontend tooling and workflows
Frontend tooling and workflowsFrontend tooling and workflows
Frontend tooling and workflows
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014
 
The Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingThe Hacker's Guide To Session Hijacking
The Hacker's Guide To Session Hijacking
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Multimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioMultimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audio
 

More from Stefan Fodor

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
Stefan Fodor
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security project
Stefan Fodor
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
Stefan Fodor
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software
Stefan Fodor
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
Stefan Fodor
 

More from Stefan Fodor (20)

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
 
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentCollaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software Development
 
PacMan Rebourn
PacMan RebournPacMan Rebourn
PacMan Rebourn
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security project
 
It Security Project
It Security ProjectIt Security Project
It Security Project
 
Squash that Bug!
Squash that Bug!Squash that Bug!
Squash that Bug!
 
Protocols for Embedded Node
Protocols for Embedded NodeProtocols for Embedded Node
Protocols for Embedded Node
 
Qualys Threads
Qualys ThreadsQualys Threads
Qualys Threads
 
2FLogin
2FLogin2FLogin
2FLogin
 
Lillebaelt Academy - ro
Lillebaelt Academy - roLillebaelt Academy - ro
Lillebaelt Academy - ro
 
Ruby on Rails 3
Ruby on Rails 3Ruby on Rails 3
Ruby on Rails 3
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
 
dry_run_exam
dry_run_examdry_run_exam
dry_run_exam
 
Facebook
FacebookFacebook
Facebook
 
Logs
LogsLogs
Logs
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
 
Network proj 1.1
Network proj 1.1Network proj 1.1
Network proj 1.1
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
 

Recently uploaded

Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 

Recently uploaded (20)

Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 

Attack of the BEAST

  • 1. Attack of the BEAST Stefan, Paul, Vlad
  • 2. Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
  • 3. BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
  • 4. How BEAST works • Java applet • CSRF • Code injection • Cookie decription
  • 5. Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
  • 7.
  • 8. References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389