Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?
Wednesday, September 21st, 2011
Update – April, 2012. openssl v1.0.1 is out and it supports TLS v1.1 and v1.2 which help mitigate this attack. All web sites hosted by LuxSci now use this updated software and are safer. LuxSci recommends using a web host which supports TLS v1.1 and v1.2 for secure web connections.
—-
SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST). This sounds foundation-shattering and kind of scary. When people see this, as when we did, the first panicky questions that arise are:
- What is really affected?
- How serious is it?
- What can I do to protect myself?
- How does the BEAST attack actually work?
After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.
Read the rest of this post »
Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate. All a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place. In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
Email updates:
