[Colloq] Invited Talk - Thai Duong (Google) - BEAST and CRIME vs the Internet - March 11th, 1:00pm, 366 WVH

Jessica Biron bironje at ccs.neu.edu
Thu Feb 28 13:56:58 EST 2013


BEAST and CRIME vs the Internet 

Thai Duong - Google 

Monday, March 11th - 1:00pm 
366 WVH 


Abstract: 

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks like the Internet. It is widely used to secure web traffic and e-commerce transactions on the Internet. We present BEAST and CRIME, a set of recently disclosed attacks against TLS that allow a Man-in-the-Middle attacker to recover plaintext from a TLS connection. We applied BEAST and CRIME to attack HTTPS, and were able to obtain HTTPS's authentication tokens that allow us to compromise user accounts of a large number of popular websites. The same results were observed with SPDY, a new protocol from Google that has been selected as the basis of HTTP 2.0. The resulting exploits worked for major web browsers at the time of disclosure, and required an industry-wide effort to fix.

Bio: 

Thai is an information security engineer at Google, where he is a proud member of the core product security team in charge of most Google products and services. Before joining Google, Thai was a security consultant at Matasano Security, where he helped Fortune 500 companies secure their most important consumer gadgets and software systems. Thai is best known for his award-winning research on practical cryptography attacks. He was the lead author of an Oakland'11 paper disclosing a critical vulnerability that affected millions of websites. That work was awarded the Pwnie for Best Server-Side Bug of 2011. His recent works include the BEAST and CRIME attacks against SSL/TLS - both of which were selected by the web security experts as the best web hacking technique of 2011 and 2012, respectively.



Jessica Biron 
Administrative Assistant – Office of the Dean and CCIS Development 
College of Computer and Information Science 
Northeastern University 
202 West Village H 
617-373-5204 
bironje at ccis.neu.edu 
http://www.ccs.neu.edu/ 

