{"id":267,"date":"2011-09-26T08:14:21","date_gmt":"2011-09-26T12:14:21","guid":{"rendered":"http:\/\/www.digitalundercurrents.com\/blog\/?p=267"},"modified":"2011-09-26T08:14:21","modified_gmt":"2011-09-26T12:14:21","slug":"beast","status":"publish","type":"post","link":"http:\/\/www.digitalundercurrents.com\/blog\/?p=267","title":{"rendered":"BEAST"},"content":{"rendered":"<p>Poor SSL. It&#8217;s been the standard for so long, but it&#8217;s had a rough go of it the last few months. First there were the breaches at Comodo and DigiNotar, allowing intruders to generate seemingly-authentic certs to trick users, and <a href=\"http:\/\/informationweek.com\/news\/security\/vulnerabilities\/231601759\">now this<\/a>.<\/p>\n<blockquote><p>In particular, security researchers Juliano Rizzo and Thai Duong have built a tool that&#8217;s capable of decrypting and obtaining the authentication tokens and cookies used in many websites&#8217; HTTPS requests. &#8220;Our exploit abuses a vulnerability present in the SSL\/TLS implementation of major Web browsers at the time of writing,&#8221; they said.<\/p>\n<p>&#8230;<\/p>\n<p>To illustrate the vulnerability they&#8217;ve discovered and automatically harvest authentication tokens and cookies, the researchers said they&#8217;ve also built a JavaScript-based tool dubbed BEAST, for Browser Exploit Against SSL\/TLS. &#8220;It is worth noting that the vulnerability that BEAST exploits has been [present] since the very first version of SSL. Most people in the crypto and security community have concluded that it is non-exploitable, that&#8217;s why it has been largely ignored for many years,&#8221; Duong told Threatpost.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Poor SSL. It&#8217;s been the standard for so long, but it&#8217;s had a rough go of it the last few months. 
First there were the breaches at Comodo and DigiNotar, allowing intruders to generate seemingly-authentic certs to trick users, and now this. In particular, security researchers Juliano Rizzo and Thai Duong have built a tool [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,16],"tags":[],"class_list":["post-267","post","type-post","status-publish","format-standard","hentry","category-exploits","category-tools"],"_links":{"self":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=267"}],"version-history":[{"count":0,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/267\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=267"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}