The BEAST’s reign of terror may soon be over. The more this topic is discussed, the less vulnerable we appear to be. Adrian Dimcev states in his blog, “Although the attack itself is pretty neat and the demo looks scary, its practicality is very low; the average user would probably not need to worry about.” Taher Elgamal, a creator of SSL, states that the BEAST attack is “technically clever,” but “very over-sold.”
Other industry experts, such as Ivan Ristić of SSL Labs and Steve Dispensa of PhoneFactor, offer their BEAST risk-mitigating strategies in their blogs, which mainly involves the prioritization of RC4 cipher suites. PhoneFactor provides a whitepaper detailing the approach and Microsoft has similar advice regarding RC4 on their post about Security Advisory 2588513.
The lesson of the BEAST is that implementers of SSL/TLS need to keep moving ahead and support the latest versions of the protocol to help mitigate the next BEAST. TLS 1.1 is more than five years old, not vulnerable to the BEAST attack, and yet is not ubiquitously supported by Web servers and browsers. If, as a result, TLS 1.1 and 1.2 achieve support in our SSL/TLS deployments, then the BEAST has served us well.