Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, November 21 • 2:00pm - 2:50pm
Modern Attacks on SSL/TLS: Let the BEAST of CRIME and TIME be not so LUCKY

Sign up or log in to save this to your schedule and see who's attending!

SSL/TLS is the core component for providing confidentiality and authentication in modern web communications. Recent vulnerabilities have undermined this and left much of web based communication vulnerable.
This talk will survey recent attacks such as BEAST, TIME, CRIME, LUCKY 13 and RC4 biases, highlighting the conditions required for exploitation as well as the current state of mitigations. Comprehensive recommendations will be provided highlighting the real world risks and mitigations taking all attacks into account instead of providing conflicting solutions to mitigate these attacks individually.
Finally, long term recommendations will be made as we move to a post TLS 1.0 world without overhauling the basic structure and operational infrastructure of modern web communication.

Speakers
avatar for Shawn Fitzgerald

Shawn Fitzgerald

Shawn Fitzgerald is a senior security consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Shawn specializes in web based applications, client/server testing, cryptographic systems, security design and security protocol reviews.
avatar for Pratik Guha Sarkar

Pratik Guha Sarkar

Security Consultant, iSEC Partners
Pratik Guha Sarkar is a Security Consultant with iSEC Partners. At iSEC, Pratik works in the areas of web application/web services security, practical cryptography, mobile security and client/server testing. Before iSEC, he was with IBM working in telecom domain. Pratik graduated from Johns Hopkins University in Security Informatics.


Thursday November 21, 2013 2:00pm - 2:50pm
Salon 4 (5th Floor Ballroom) NY Marriott Marquis