[talk] BEAST ssl attacks still relevant?
Okan Demirmen
okan at demirmen.com
Fri May 22 12:24:28 EDT 2015
On Fri 2015.05.22 at 16:10 +0000, Isaac (.ike) Levy wrote:
>
> Hey All,
>
> What do folks think about BEAST these days?
Marking it as a critical violation of policy; which kicks off a series
of processes to remediate or kick off the network with a very short TTL.
> Stuff like this makes me wonder how relevant it really is, (and reminds me
> how the heck it even works eh...),
>
> https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat
>
> --
> How seriously are folks still taking server-side BEAST mitigations (and
> cipher massaging), seeing as it was really a client-side implementation
> issue? I'd love to hear any/all opinions.
See above.
> Best,
> .ike
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
More information about the talk
mailing list