A PAIR OF SECURITY RESEARCHERS are getting ready to showcase an attack against SSL/TLS that can compromise secure communications between most web sites and browsers.
In crypto parlance, the method used by Juliano Rizzo and Thai Duong is called a block-wise chosen-plaintext attack, and it has been known for years.
Post-2006 versions of the TLS protocol, like TLS 1.1 or 1.2, are not vulnerable to it, but this is of little importance because most web browsers and software continue to use TLS 1.0 or the older SSL protocol.
The two researchers plan to demonstrate their practical attack, dubbed BEAST for Browser Exploit Against SSL/TLS, this Friday at the ekoparty security conference in Buenos Aires.
"It is worth noting that the vulnerability that BEAST exploits has been presented since the very first version of SSL. Most people in the crypto and security community have concluded that it is non-exploitable, that's why it has been largely ignored for many years," Duong explained, according to Threatpost.
BEAST requires attackers to gain a man-in-the-middle position. Most of the time this means that they need to be on the same network as their targets so they can intercept browser requests.
BEAST has two components. One contains code that must be loaded into the victim's web browser and the second one captures and decrypts HTTPS session cookies. The researchers claim that they can decrypt any secure session cookie in five minutes on average.
"While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests," Duong said.
He added that fixing the problem requires an overhaul of the entire protocol and noted that their work with browser and SSL vendors since May failed to produce a fix that is fully compatible with all existing applications.
Regardless of the workaround, some developers will need to change their web sites and applications, as switching everyone to a more secure version of the protocol can't happen overnight.
Last year, Juliano Rizzo and Thai Duong devised a padding oracle attack against ASP.NET applications that earned them a Pwnie award for the best server-side exploit. µ