lecture: A BEAST and a POODLE celebrating SWEET32


POODLE, BEAST, CRIME, SWEET32 ... So many SSL/TLS vulnerabilities, so little time to analyze them. That's why we will cover the most common ones in this presentation, with some live demos, so we can make a good risk assessment of what needs to be fixed quickly and what we can live with.

In the last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32, to name a few. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this was the end of secure communication on the Internet.
However, we are yet to see any real hacks that actually exploited one of the above-mentioned vulnerabilities.

This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications.
We will try to identify the SSL/TLS vulnerabilities that cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is), with some live demos.


Day: 2019-09-13
Start time: 18:15
Duration: 01:00
Room: Tesla

