Skip to main content

Beast tool looks to exploit HTTPS vulnerability

Rachel Wheeler

September 21, 2011

Archive

Online merchants using sites accessed by Secure Hypertext Transfer Protocol (HTTPS) may need to update their security processes to protect address data and other sensitive customer information.

Researchers Juliano Rizzo and Thai Duong claim to have developed a tool that exploits vulnerability in the Transport Layer Security (TLS) 1.0, which is used by countless sites.

The tool, known as the Browser Exploit Against SSL/TLS, or Beast, will be unveiled at the Ekoparty conference in Argentina this week.

A statement from the pair said that Beast exploits a vulnerability present in the TLS implementation of major web browsers.

"We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests," it continued.

Independent security researcher Trevor Perrin told the Register that Beast is like a "cryptographic Trojan horse", describing it as a "legitimate threat" if it works as claimed.

Posted by Rachel Wheeler
 ADNFCR-2366-ID-800736209-ADNFCR

Copyright ©, 2014-2017. All rights reserved.

125 Summer St Ste 1910, Boston MA 02110-1615, US