A pair of researchers recently created a tool called Browser Exploit Against SSL/TLS, or BEAST, which enables an attacker to intercept and decrypt SSL cookies on the same network by performing a "blockwise-adaptive chosen-plaintext" attack on encrypted packets. Does this BEAST SSL tool give attackers a powerful new weapon to break SSL/TLS encryption; how much of a risk does it pose to enterprises, and are there any mitigation tactics that can be put in place?
Before we assess the threat posed by the BEAST SSL tool, let's examine the context. Researchers Juliano Rizzo and Thai Duong expanded on Bruce Schneier and David Wagner’s analysis from 1999. In looking at SSL 3.0, Schneier and Wagner found that, despite several "minor" flaws, including the one mentioned above, SSL was still largely secure enough for broad use.