Scientific Linux

  Reply to this topicStart new topicStart Poll

> crack SSL cookies in just ten minutes
 Posted: Sep 21 2011, 11:16 AM
Quote Post

SLF Newbie

Group: Members
Posts: 2
Member No.: 482
Joined: 18-July 11

On Friday, 23 September, at the Ekoparty security conference in Buenos Aires, researchers Juliano Rizzo and Thai Duong are planning to present a tool known as BEAST (Browser Exploit Against SSL/TLS). The tool allows an attacker on the same network to intercept and decrypt SSL cookies by performing a 'blockwise-adaptive chosen-plaintext' attackPDF on encrypted packets.

The attacker has to get the browser to send some data to the remote site over the encrypted channel. Since the attacker now has both plain and encrypted text, they are able to determine the entropy used, significantly reducing the work involved in cracking the encryption. According to comments made by Rizzo to The Register, BEAST is now able to crack an encrypted PayPal cookie in less than ten minutes.

More info here.
 Posted: Sep 27 2011, 07:37 PM
Quote Post

SLF Geek

Group: Members
Posts: 249
Member No.: 18
Joined: 11-April 11

0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll