Tag Archives: BEAST

RC4, CBC, what the …?

March 27, 2013 by Bruce Morton     No Comments

BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”

RC4 Attack in SSL/TLS

March 19, 2013 by Bruce Morton     1 Comment

The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS.

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: BEAST, CBC, encryption


September 10, 2012 by Bruce Morton     No Comments

The security researchers who brought us BEAST now have a new SSL/TLS attack: CRIME. I would like to know what the acronym CRIME stands for, but we’ll probably have to wait until Juliano Rizzo and Thai Duong present their work at Ekoparty Security Conference later this month. Little information about the attack has been published. [Read More...]


July 18, 2012 by Bruce Morton     No Comments

In order to mitigate a BEAST attack, the advice is to prioritize RC4 cipher suites on your Web server to avoid the use of vulnerable cipher block chaining (CBC) suites. But how well do the clients support RC4? Ivan Ristić of Qualys did some tests at SSL Labs and saw that only 45 of 48,481 unique [Read More...]

Don’t fear the BEAST

October 25, 2011 by Jon Callas     No Comments

A few weeks ago, Juliano Rizzo and Thai Duong published a paper on an SSL attack that they call BEAST, which decrypts parts of an SSL connection. Before I discuss it at length, let me cut to the chase on it. Q: Is this something that you need to worry about? A: No. Here’s a [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: Chrome, Firefox, IE

Taming the BEAST

October 18, 2011 by Bruce Morton     No Comments

The BEAST’s reign of terror may soon be over. The more this topic is discussed, the less vulnerable we appear to be. Adrian Dimcev states in his blog, “Although the attack itself is pretty neat and the demo looks scary, its practicality is very low; the average user would probably not need to worry about.” [Read More...]

Filed Under: SSL Deployment Tagged With: RC4, SSL, TLS

BEAST: Attacking SSL/TLS

October 6, 2011 by Bruce Morton     1 Comment

In the wake of the DigiNotar compromise comes BEAST, the latest attack on the SSL/TLS protocol — specifically SSL 3.0 (1996) and TLS 1.0 (1999). The recent attacks on certification authorities (CA) such as Comodo, StartCom, DigiNotar and GlobalSign were attempts to get the CAs to issue fraudulent SSL certificates. BEAST is not used to [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: SSL, TLS