[talk] BEAST ssl attacks still relevant?

Isaac (.ike) Levy ike at blackskyresearch.net
Fri May 22 12:10:02 EDT 2015


Hey All,

What do folks think about BEAST these days?

Stuff like this makes me wonder how relevant it really is, (and reminds 
me how the heck it even works eh...),

https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat

--
How seriously are folks still taking server-side BEAST mitigations (and 
cipher massaging), seeing as it was really a client-side implementation 
issue?  I'd love to hear any/all opinions.

Best,
.ike





More information about the talk mailing list