Scientific Linux Forum.org




> crack SSL cookies in just ten minutes
francocerisola
 Posted: Sep 21 2011, 11:16 AM

QUOTE
On Friday, 23 September, at the Ekoparty security conference in Buenos Aires, researchers Juliano Rizzo and Thai Duong are planning to present a tool known as BEAST (Browser Exploit Against SSL/TLS). The tool allows an attacker on the same network to intercept and decrypt SSL cookies by performing a 'blockwise-adaptive chosen-plaintext' attack on encrypted packets.

The attacker has to get the browser to send some data to the remote site over the encrypted channel. Since the attacker now has both plain and encrypted text, they are able to determine the entropy used, significantly reducing the work involved in cracking the encryption. According to comments made by Rizzo to The Register, BEAST is now able to crack an encrypted PayPal cookie in less than ten minutes.


More info here.
wearetheborg
 Posted: Sep 27 2011, 07:37 PM