Webopedia Term of the Day: What is SSL BEAST?
Oct 27, 2011, 11:03
"Short for Browser Exploit Against SSL/TLS, SSL BEAST is an
exploit, first revealed in late September 2011, that leverages
weaknesses in cipher block chaining (CBC) to exploit the Secure
Sockets Layer (SSL) protocol. The CBC vulnerability can enable
man-in-the-middle (MITM) attacks against SSL in order to silently
decrypt and obtain authentication tokens, providing hackers with
access to the data passed between a Web server and the Web browser
accessing the server.
"While SSL BEAST attacks affect only the Transport Layer
Security (TLS) 1.0 version of SSL and not later versions such as
TLS 1.1 and 1.2, TLS 1.0 remains the overwhelmingly predominant
version used by both Web servers and browsers. Following a
researchers Juliano Rizzo and Thai Duong, developers of Google
Chrome and other major Web browsers started taking steps to create
workarounds for mitigating the risks of SSL BEAST attacks."