THAI DUONG (Chief Information Security Officer)

BEAST: Surprising crypto attack against HTTPS

We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.

Sobre Thai Duong

Thai Duong is a hacker from Vietnam, currently working as the Chief Information Security Officer at one of Vietnam's leading commercial banks where he leads the Information Security Department to protect 4 million customers completing more than 500,000 transactions a day. Thai has eight years experience in computer security, and now specializes in cryptography and application security. He co-authored a research on MD5 extension attack that made the Top Ten Web Hacking Techniques of 2009. Recently, he presented about practical crypto attacks at Black Hat Europe 2010.

« volver a Speakers