The experts who presented the BEAST attack return with a new discovery

Sep 13, 2012 08:14 GMT  ·  By

Juliano Rizzo and Thai Duong – the security researcher who became famous after demonstrating the SSL attack known as the BEAST – have come up with an attack against the TLS protocol.

To prove their findings, they’ve released a video proof-of-concept which shows that an attacker can gain access to protected user cookies and hijack sessions.

According to the researchers, the new attack is similar to the BEAST, but they didn’t pinpoint the TLS feature responsible for the information leak, ThreatPost notes.

Apparently, all TLS versions are susceptible to these attacks which work on both Firefox and Chrome.

The experts reveal that users can protect themselves against such attacks by permanently keeping their browsers updated and by disabling compression on servers.

The details of the CRIME attack will be presented by the researchers at the upcoming ekoparty security conference in Buenos Aires, Argentina.