Conventional thinking says that it would take a beast of a program to break through the encryption spit out by the SSL/TLS protocol – that’s why it’s found in so many websites and browsers these days. Unfortunately, a pair of researchers say they’ve whipped up just such a program in the form of BEAST, or “Browser Exploit Against SSL/TLS,” and they plan on showing it off this Friday at the Ekoparty security conference. At least one company’s taking the threat seriously; Google plans on rolling out a Chrome update designed to confuse the BEAST and defend against its threat.
Cynics say that the world runs on money, but money wouldn’t run as smoothly on the World Wide Web if it wasn’t for SSL/TLS. It’s the go-to encryption protocol for a lot of the Internet, and it’s supported by every major browser and many of the top websites around. But how secure is it? A pair of security researchers plan on demonstrating a serious TLS security flaw at the Ekoparty security conference later this week, and they plan on doing it with a bang: by decrypting a Paypal authentication cookie.
The porn – um, "privacy" – modes in modern browsers do a great job of letting workers browse Facebook under the noses of employers with strict Web policies, but privacy modes don't do squat when a heavy-handed regime blocks access to specific websites. Freedom-loving webizens in freedom-hating countries have long turned to TOR as their onion-routing proxy of choice to get around governmental roadblocks, but researchers at the University of Michigan have developed a new system that could help Iranians and other censored Web users access "immoral" websites like Twitter and CNN.