The inventor of SSL has labelled recent research into vulnerabilities in the SSL/TLS code as "over-sold".
The former secure sockets layer (SSL) champion at Netscape, Taher Elgamal, said the Browser Exploit Against SSL/TLS code (BEAST) was "powerful more than necessary".
Researchers Thai Duong and Juliano Rizzo revealed a vulnerability in versions 1.0 and earlier of TLS which allowed attackers to silently decrypt data that passed between a webserver and an end-user browser.
Duong and Rizzo had defeated SSL by breaking the underlying encryption it used to prevent sensitive data from being intercepted. They had used a JavaScript application and network sniffer to decrypt cookies.
But Elgamal said attackers would have "better things to do" than copy the exploit.
"If I can put malware on a machine, why should I read SSL?" he said.
"There is no issue with TLS 1.1 and everyone should be using the latest technologies, but the way this was published is so brash, it is so smart technically, but if I were an attacker I would have better things to do with my malware than read what people are doing, so why bother?"
Elgamal said the exploit was "technically clever" but it was "very over-sold".
“Trillion-dollar companies are worth going after and I am not defending the hackers, but these issues should be taken care of; this was over-marketed and that bothers me,” he said.
He said the unaffected TLS version 1.1 needs to be adopted by more users.
This article originally appeared at scmagazineuk.com