SSL data securityThe need to secure the transmission of data between computers or between a computer and a server appeared since the first connection was made and has become ever more important as we began to send more and more data over the internet. Thus, the Secure Sockets Layer (SSL) and later on Transport Layer Security (TLS), which are cryptographic protocols, were created. These provide security for the data that is sent over the Internet.

Secure Sockets Layer (SSL) – how does it work?

In the background, your computer and the server negotiate the connection by using a handshaking procedure, during which they agree on various parameters used to establish the connection’s security. By design, the data that is sent between the computer and server can only be sent/read by them, through the encryption/decryption keys.

As a user, you will recognize the difference between a secure and a nonsecure connection, because websites that use encryption have the corresponding “lock” icon being displayed and, more often than not, there is an extra S added to the address (HTTPS instead of HTTP).

Research project : BEAST (Browser Exploit Against SSL/TLS) vs SSL

However, Thai Duong and Juliano Rizzo have presented a proof-of-concept code called BEAST (Browser Exploit Against SSL/TLS) in the form of a stealthy piece of JavaScript code. It works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. Thai explains how the exploit works in this video:

 

The attack was created for research purposes: “It attacks one of the foundations of trust on the internet,” as described by researcher Roel Schouwenberg.

Cyber criminals are more and more ingenious in finding vulnerabilities to exploit. Without proper protection, your internet browser, email client or other programs could become the victim of an exploit.

We recommend that you sign up to our Blog, so you can remain informed of all the new threats and how to protect yourself from them.

Posted by Andreea Luciana Ostache

 

avatarWritten by Andreea-Luciana Ostache (10 Posts)


Leave a Reply

Your email address will not be published.


*