2. Overview
• What is the BEAST attack?
• How BEAST works
• Taming of the BEAST
• Video demo
• Questions
3. BEAST ATTACK
• BEAST = Browser Exploit Against SSL/TLS
• Decrypt HTTPS traffic
• Based on SSL exploit
• Based on a 10-year-old flaw
• Considered theoretical attack until now
4. How BEAST works
• Java applet
• CSRF
• Code injection
• Cookie decryption
5. Taming of the BEAST
• Firefox
  • Blocking Java
  • NoScript plug-in
• Internet Explorer
  • Security Advisory (2588513)
• Chrome
  • Pushed out a fix through a really fast Chrome update
• Opera
  • Searching for the beast solution to implement their fix
• Safari
  • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser