Will we have to be careful in the future, even on secure sites? Could the website of your bank, your webmail or your favorite social network be leaking confidential information without your knowledge, despite the padlock in your browser indicating that your visit is secure? Two security researchers believe so. On Friday, September 23, they will present their research at the Ekoparty security conference, which starts tomorrow in Buenos Aires.
Juliano Rizzo and Thai Duong have indeed managed to exploit a flaw in SSL / TLS 1.0, an important protocol because most websites use it to encrypt data exchanged with the user.
With a tool of their own, Beast, they showed that it was possible to hijack a session on a secure HTTPS site and visit it in place of the victim without the victim's knowledge. The vulnerability used by the researchers is not new. « It was presented in the first version of SSL […] but was deemed unworkable, » according to their statements, reported by Threatpost.
A « man in the middle » attack!
The attack is difficult, however, and would not be within everyone's reach. First, the attacker must have access to the victim's local network to intercept communications between the PC and the Web, including secure HTTPS cookies. Then the attacker must inject the Beast code into the victim's browser, for example through a fake advertisement.
On the attacker's computer, a sniffer « listens » to the TLS-secured connections while Beast decrypts the cookies. According to the two experts, the decryption process takes about 5 minutes per site.
Juliano Rizzo and Thai Duong contacted all browser vendors to notify them of the threat. For the moment, only Opera has a fix. The risk applies only to TLS 1.0, but versions 1.1 and 1.2 of the protocol, which are not exposed, are used by only a tiny minority of websites.
With their study, the researchers hope precisely to accelerate the adoption of the newer versions of this security protocol, which is essential for trusted exchanges on the Web.
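Since exposure depends on which protocol version a connection actually negotiates, a defender can read it from the ServerHello in a captured handshake. The following is an added example, not code from the researchers or from this article; the function names and sample bytes are constructed for illustration, and it assumes SSL 3.0 through TLS 1.2, where the negotiated version sits in the ServerHello's `server_version` field.

```python
import struct

# Wire values of the protocol versions discussed in the article.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# The article names SSL / TLS 1.0 as flawed; TLS 1.1 and 1.2 are not exposed.
EXPOSED = {0x0300, 0x0301}

def negotiated_version(record: bytes) -> int:
    """Return server_version from a TLS record that carries a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                       # 0x16 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 0x02:                     # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_len < 2 or 4 + hs_len > len(body):
        raise ValueError("inconsistent handshake length")
    # server_version is the first field of the ServerHello body.
    return struct.unpack("!H", body[4:6])[0]

def audit(record: bytes) -> tuple[str, bool]:
    """Return (version name, True if the version is in the exposed set)."""
    version = negotiated_version(record)
    return VERSIONS.get(version, f"unknown 0x{version:04x}"), version in EXPOSED

def build_server_hello(version: int, cipher_suite: int = 0x002F) -> bytes:
    """Constructed sample input: a minimal ServerHello with a zeroed random."""
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!HB", cipher_suite, 0))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for v in (0x0301, 0x0302, 0x0303):
        name, exposed = audit(build_server_hello(v))
        print(f"{name}: {'exposed' if exposed else 'not exposed'}")
```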

