The BEAST Wins Again - Why TLS Keeps Failing to Protect HTTP

Explore three new attacks against TLS on the web in this 53-minute Black Hat conference talk. Delve into the cryptographic weaknesses and implementation issues that enable a resurgence of the 2009 renegotiation attack, learn about exploiting truncation vulnerabilities to bypass anti-stripping defenses, and discover how vulnerabilities in HTTPS deployment can lead to full server impersonation of major websites. Gain insights into the capabilities of attackers operating at both TLS and HTTP levels, understand how to configure HTTPS servers to prevent virtual host confusion attacks, and challenge common misconceptions about TLS and privacy in the context of powerful network attackers.

The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP