Scientific Linux Forum.org -> crack SSL cookies in just ten minutes

This forum is proudly powered by Scientific Linux 6

SL website Download SL Help Search Members

Welcome Guest ( Log In | Register )

Resend Validation Email

Scientific Linux Forum.org -> Support -> Security and privacy

crack SSL cookies in just ten minutes

Track This Topic | Email This Topic | Print This Topic

francocerisola

Posted: Sep 21 2011, 11:16 AM

SLF Newbie

Group: Members
Posts: 2
Member No.: 482
Joined: 18-July 11

QUOTE

On Friday, 23 September, at the Ekoparty security conference in Buenos Aires, researchers Juliano Rizzo and Thai Duong are planning to present a tool known as BEAST (Browser Exploit Against SSL/TLS). The tool allows an attacker on the same network to intercept and decrypt SSL cookies by performing a 'blockwise-adaptive chosen-plaintext' attackPDF on encrypted packets.

The attacker has to get the browser to send some data to the remote site over the encrypted channel. Since the attacker now has both plain and encrypted text, they are able to determine the entropy used, significantly reducing the work involved in cracking the encryption. According to comments made by Rizzo to The Register, BEAST is now able to crack an encrypted PayPal cookie in less than ten minutes.

More info here.

wearetheborg	Posted: Sep 27 2011, 07:37 PM
SLF Advocate Group: Members Posts: 352 Member No.: 18 Joined: 11-April 11	Thanks... Followup: http://www.imperialviolet.org/2011/09/23/chromeandbeast.html -------------------- Finally I alone survived, a rat in the walls of the BRANIAC contruct....
	^

0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)

0 Members:

« Next Oldest | Security and privacy | Next Newest »

Powered by Invision Power Board (Jcink.com Free Forum Hosting) © 2012 IPS, Inc.
Page creation time: 0.0175 · Mobile | Lo-Fi