SlideShare a Scribd company logo

Attack of the BEAST

Stefan Fodor
Stefan Fodor

IT Security short presentation about the BEAST attack

EducationTechnologyEntertainment & Humor
1 of 8
Download to read offline
Attack of the BEAST Stefan, Paul, Vlad
Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
How BEAST works • Java applet • CSRF • Code injection • Cookie decription
Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
Video Demo • http://www.youtube.com/watch?v=BTqAIDVUvrU
References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drivekriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPressSteven Watts
 

Recommended

Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drivekriggins
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Michele Butcher-Jones
 
Managing WordPress
Managing WordPressManaging WordPress
Managing WordPressSteven Watts
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloudAlexey Bokov
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationPeter Moskovits
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web SocketsColdFusionConference
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Securejoomladayhouston
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installationRonan Dunne, CEH, SSCP
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a DummyJerrett Farmer
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionTony Perez
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedMalik Mesellem
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a ServicePatrick Shields
 
Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)ClubHack
 

More Related Content

What's hot

How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloudAlexey Bokov
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationPeter Moskovits
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Securejoomladayhouston
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionTony Perez
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedMalik Mesellem
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a ServicePatrick Shields
 

What's hot (20)

How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 
Open source technologies in Microsoft cloud
Open source technologies in Microsoft cloudOpen source technologies in Microsoft cloud
Open source technologies in Microsoft cloud
 
WebGL and Real-Time Web Communication
WebGL and Real-Time Web CommunicationWebGL and Real-Time Web Communication
WebGL and Real-Time Web Communication
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - security
 
Getting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking CompetitionGetting ready for a Capture The Flag Hacking Competition
Getting ready for a Capture The Flag Hacking Competition
 
Real Time With Web Sockets
Real Time With Web SocketsReal Time With Web Sockets
Real Time With Web Sockets
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Secure
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can use
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a Dummy
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
WordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" VersionWordPress Security - The "No-BS" Version
WordPress Security - The "No-BS" Version
 
SANS 2015 - Superbees Wanted
SANS 2015 - Superbees WantedSANS 2015 - Superbees Wanted
SANS 2015 - Superbees Wanted
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a Service
 

Similar to Attack of the BEAST

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Siva Arunachalam
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)ClubHack
 
proxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesproxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesinaz2
 
Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Darren Duke
 
WebRTC Overview
WebRTC OverviewWebRTC Overview
WebRTC OverviewArin Sime
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick GalbreathCODE BLUE
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)Peter Lubbers
 
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Baruch Sadogursky
 
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet![edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!Christopher Schmitt
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingColdFusionConference
 
Security in OSS DevOps
Security in OSS DevOpsSecurity in OSS DevOps
Security in OSS DevOpsCheah Eng Soon
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超台灣資料科學年會
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayHeroku
 
Frontend tooling and workflows
Frontend tooling and workflowsFrontend tooling and workflows
Frontend tooling and workflowsDmitry Semigradsky
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014RZasadzinski
 
The Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingThe Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingPatrycja Wegrzynowicz
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsrobertjd
 
Multimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioMultimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioChristian Heilmann
 

Similar to Attack of the BEAST (20)

Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013Web sockets in java EE 7 - JavaOne 2013
Web sockets in java EE 7 - JavaOne 2013
 
Attacking with html5(lava kumar)
Attacking with html5(lava kumar)Attacking with html5(lava kumar)
Attacking with html5(lava kumar)
 
proxy2: HTTPS pins and needles
proxy2: HTTPS pins and needlesproxy2: HTTPS pins and needles
proxy2: HTTPS pins and needles
 
Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)Domino Security - not knowing is not an option (2016 edition)
Domino Security - not knowing is not an option (2016 edition)
 
WebRTC Overview
WebRTC OverviewWebRTC Overview
WebRTC Overview
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
 
[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3[amigos] HTML5 and CSS3
[amigos] HTML5 and CSS3
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
 
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
Patterns and antipatterns in Docker image lifecycle as was presented at Devop...
 
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet![edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
[edUiconf] HTML5 does all that… and i can haz cheeseburger? You bet!
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Security in OSS DevOps
Security in OSS DevOpsSecurity in OSS DevOps
Security in OSS DevOps
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About Vulnerabilities
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
 
Frontend tooling and workflows
Frontend tooling and workflowsFrontend tooling and workflows
Frontend tooling and workflows
 
HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014HTML5 video & Amazon elastic transcoder - FCIP August 2014
HTML5 video & Amazon elastic transcoder - FCIP August 2014
 
The Hacker's Guide To Session Hijacking
The Hacker's Guide To Session HijackingThe Hacker's Guide To Session Hijacking
The Hacker's Guide To Session Hijacking
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Multimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audioMultimedia on the web - HTML5 video and audio
Multimedia on the web - HTML5 video and audio
 

More from Stefan Fodor

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam StefanStefan Fodor
 
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentCollaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentStefan Fodor
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security projectStefan Fodor
 
It Security Project
It Security ProjectIt Security Project
It Security ProjectStefan Fodor
 
Protocols for Embedded Node
Protocols for Embedded NodeProtocols for Embedded Node
Protocols for Embedded NodeStefan Fodor
 
Lillebaelt Academy - ro
Lillebaelt Academy - roLillebaelt Academy - ro
Lillebaelt Academy - roStefan Fodor
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Stefan Fodor
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software Stefan Fodor
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Stefan Fodor
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet sshStefan Fodor
 

More from Stefan Fodor (20)

Coding Gateway - Exam Stefan
Coding Gateway - Exam StefanCoding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
 
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software DevelopmentCollaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software Development
 
PacMan Rebourn
PacMan RebournPacMan Rebourn
PacMan Rebourn
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security project
 
It Security Project
It Security ProjectIt Security Project
It Security Project
 
Squash that Bug!
Squash that Bug!Squash that Bug!
Squash that Bug!
 
Protocols for Embedded Node
Protocols for Embedded NodeProtocols for Embedded Node
Protocols for Embedded Node
 
Qualys Threads
Qualys ThreadsQualys Threads
Qualys Threads
 
2FLogin
2FLogin2FLogin
2FLogin
 
Lillebaelt Academy - ro
Lillebaelt Academy - roLillebaelt Academy - ro
Lillebaelt Academy - ro
 
Ruby on Rails 3
Ruby on Rails 3Ruby on Rails 3
Ruby on Rails 3
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
 
dry_run_exam
dry_run_examdry_run_exam
dry_run_exam
 
Facebook
FacebookFacebook
Facebook
 
Logs
LogsLogs
Logs
 
Reconnaissance software
Reconnaissance software Reconnaissance software
Reconnaissance software
 
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
 
Network proj 1.1
Network proj 1.1Network proj 1.1
Network proj 1.1
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
 

Recently uploaded

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 

Recently uploaded (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 

Attack of the BEAST

  • 1. Attack of the BEAST Stefan, Paul, Vlad
  • 2. Overview • What is beast attack? • How BEAST works • Taming of the BEAST • Video demo • Questions
  • 3. BEAST ATTACK • BEAST = Browser Exploit Against SSL/TSL • Decrypt HTTPS traffic • Based on SSL exploit • 10 years old flow based • Considered theoretical attack until now
  • 4. How BEAST works • Java applet • CSRF • Code injection • Cookie decription
  • 5. Taming of the BEAST • Firefox • Blocking Java • NoScript plug-in • Internet Explorer • Security Advisory (2588513) • Chrome • pushed out a fix through a really fast chrome update • Opera • Searching for the beast solution to implement their fix • Safari • Apple representatives did not respond to e-mail or telephone requests for comment about the Safari browser
  • 7.
  • 8. References • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • https://idjh.files.wordpress.com/2011/09/beast.png • http://news.cnet.com/8301-27080_3-20113530- 245/browsers-tackle-the-beast-web-security-problem/ • http://nakedsecurity.sophos.com/2011/09/24/secure-web- browsing-cracked-by-beast • https://blogs.msdn.com/b/kaushal/archive/2011/10/03/tamin g-the-beast-browser-exploit-against-ssl-tls.aspx • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011- 3389