One year on, SSL servers STILL cower before the BEAST

The latest monthly survey by the SSL Labs project has discovered that many SSL sites remain vulnerable to the BEAST attack, more than a year after the underlying vulnerability was demonstrated by security researchers. BEAST is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network …

Posted Thursday 18th October 2012 10:39 GMT

JDX

JS speed

Do any of these exploits require any sort of brute-force or CPU-intensive stuff which would be far easier with the massive improvements in JS performance? I wondered if new vulnerabilities might be a side-effect of the JS 'arms race' between Chrome, IE and FF.

Posted Thursday 18th October 2012 10:58 GMT

Charles 9

Re: JS speed

CRIME is a side-effect. It's a side-channel attack that tries to determine the cookie by sniffing for encryption optimizations in the SSL/TLS channel. Compressing the channel to optimize transmission was part of the optimization rush, but it resulted in the side channel.

Posted Thursday 18th October 2012 19:37 GMT

Stevie

Bah!

Get Rid Of Useless JavaScript Now!

Posted Thursday 18th October 2012 20:22 GMT

Anonymous Coward

Re: Bah!

GROUJSN? Worst initialism ever.

Posted Friday 19th October 2012 14:55 GMT

EJ

Qualys laughs at your BEAST

Even if your banking website is vulnerable, you still get an 'A'...

https://www.ssllabs.com/ssltest/analyze.html?d=onlinesefcu.com

• Privacy
• Advertise with Us
• Company Info

© Copyright 1998–2013