At a security conference held in Argentina last week, researchers Juliano Rizzo and Thai Duong identified and demonstrated a new protocol weakness affecting web browsers. The weakness is a vulnerability in SSL (Secure Sockets Layer) and TLS (Transport Layer Security) 1.0, the encryption protocols used to secure websites accessed over HTTPS (Hypertext Transfer Protocol Secure).
The two researchers have created a program that can decrypt parts of an encrypted data stream, and it can be used against a system's online security in a man-in-the-middle (MITM) attack. The program is named BEAST, which stands for 'Browser Exploit Against SSL/TLS'. It targets the JavaScript running on the system and can then help an attacker monitor the system's online activities. BEAST can also masquerade as a user browsing from that system, by compromising the cookie data of the current session, which is what verifies a web surfer to a site.
Various web browser developers are working to find ways to protect their users from attacks that exploit this vulnerability. Such an attack may result in attackers hijacking users' logged-in sessions. Mozilla has come up with a possible solution for its users: disabling Java in Firefox. Let us hope that browser developers come up with safe solutions soon; otherwise it may lead to a large number of problems.

