Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 29 septembre 2011

Background information about the recent "BEAST attack on SSL / TLS" (CERT-EU Security Advisory 2011-0005)

Two security researchers demonstrated[1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory aims at explaining what a potential attacker would need to do for a successful attack, and what can/must be done to mitigate it. Click for further details.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 248


Événements SSI