Thai Duong and Juliano Rizzo are scheduled to demonstrate their BEAST (Browser Exploit Against SSL/TLS) tool at the Ekoparty security conference on Friday, but information about it was released beforehand and has created quite a stir in the security community, which is still rattled by the recent demonstration of the fallibility of the CA trust system.
The revelation that the last two versions (1.1 and 1.2) of the TLS cryptographic protocol are safe from such an attack gives almost no satisfaction, as the overwhelming majority of websites protected by it support version 1.0.
“BEAST is different than most published attacks against HTTPS,” Duong shared with The Register. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”
He also claimed that, with recently made improvements, BEAST is able to decrypt a typical cookie of 1,000 to 2,000 characters in under ten minutes, and that other applications that use the vulnerable TLS version, such as instant messaging and VPN programs, could also be attacked with it.
And if you're wondering why the newest versions of TLS have never been widely implemented even though they were released five and three years ago (respectively), the answer lies in the fact that upgrading often means that other widely used technologies and popular applications won't work as they should.
This was corroborated by Duong, who says that they have been working with browser and SSL vendors since early May, but that every single proposed fix is incompatible with some existing SSL applications.
“What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa,” he said.