Truncating TLS Connections to Violate Beliefs in Web Applications
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical security vulnerability in web applications through this Black Hat USA 2013 conference talk. Delve into the world of TLS truncation attacks and their potential to exploit logical flaws, leading to a desynchronization between user and server perspectives of an application's state. Discover how these attacks can be leveraged to compromise authentication systems, including real-world examples of exploiting the Helios electronic voting system, taking control of Microsoft Live accounts, and gaining temporary access to Google accounts. Learn about the challenges in web development that contribute to these vulnerabilities and gain insights into the setup, execution, and implications of such attacks. Understand the importance of addressing these security issues to protect web applications and user data.
Syllabus
Intro
What are we going to do
TLS Security
TLS Truncation Attack
Why Does This Work
Challenges in Web Development
Setup
Honest User
Edit Account Information
Access Email Account
What Went Wrong
What Im Wrong
Google
Summary
Questions
Taught by
Black Hat
Related Courses
Authentication & Authorization: OAuth
Udacity
Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera
Web Application Development: Security
University of New Mexico via Coursera
Hacking and Patching
University of Colorado System via Coursera
Fundamentals of Computer Network Security
University of Colorado System via Coursera