I have been going out of my way to avoid commenting on this story. Rather than speculate, I decided to bide my time and wait until this presentation goes on tomorrow.

From H Online:

On Friday, 23 September, at the Ekoparty security conference in Buenos Aires, researchers Juliano Rizzo and Thai Duong are planning to present a tool known as BEAST (Browser Exploit Against SSL/TLS). The tool allows an attacker on the same network to intercept and decrypt SSL cookies by performing a ‘blockwise-adaptive chosen-plaintext’ attack on encrypted packets.

The attacker has to get the browser to send some data to the remote site over the encrypted channel. Since the attacker now has both plain and encrypted text, they are able to determine the entropy used, significantly reducing the work involved in cracking the encryption.

So, is this a tempest in a teapot? We shall soon see.

Source: Article Link

(Image used under CC from Adam Mulligan)
