Skip to main content

Beast tool looks to exploit HTTPS vulnerability

Online merchants using sites accessed by Secure Hypertext Transfer Protocol (HTTPS) may need to update their security processes to protect address data and other sensitive customer information.

Researchers Juliano Rizzo and Thai Duong claim to have developed a tool that exploits vulnerability in the Transport Layer Security (TLS) 1.0, which is used by countless sites.

The tool, known as the Browser Exploit Against SSL/TLS, or Beast, will be unveiled at the Ekoparty conference in Argentina this week.

A statement from the pair said that Beast exploits a vulnerability present in the TLS implementation of major web browsers.

"We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests," it continued.

Independent security researcher Trevor Perrin told the Register that Beast is like a "cryptographic Trojan horse", describing it as a "legitimate threat" if it works as claimed.

Posted by Rachel Wheeler