BEAST developers come up with new SSL/TLS attack

By | September 9, 2012

Source: Help Net Security

In this article “From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS.

Dubbed CRIME by the researchers Juliano Rizzo and Thai Duong, the attack supposedly works similarly to the BEAST attack, and will be presented for the first time to the public during the ekoparty Security conference which is to be held in Argentina later this month.

Without wanting to reveal much about the soon-to be unveiled attack, the researchers shared that the feature in question leaks information that can be used to decrypt user cookies, extract the login information contained in them and hijack their sessions.”

Leave a Reply