[talk] BEAST ssl attacks still relevant?

Okan Demirmen okan at demirmen.com
Fri May 22 12:24:28 EDT 2015


On Fri 2015.05.22 at 16:10 +0000, Isaac (.ike) Levy wrote:
> 
> Hey All,
> 
> What do folks think about BEAST these days?

Marking it as a critical violation of policy; which kicks off a series
of processes to remediate or kick off the network with a very short TTL.

> Stuff like this makes me wonder how relevant it really is, (and reminds me
> how the heck it even works eh...),
> 
> https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat
> 
> --
> How seriously are folks still taking server-side BEAST mitigations (and
> cipher massaging), seeing as it was really a client-side implementation
> issue?  I'd love to hear any/all opinions.

See above.

> Best,
> .ike
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



More information about the talk mailing list