It seems that there is a new JavaScript hacking tool hanging around that is capable of intercepting your PayPal account, not to mention other supposedly “secure” sessions. This coming Friday, two security researchers will deliver a hacking tool that is said to be able to decrypt secure Web requests to sites that use the Transport Layer Security (TLS) 1.0 protocol and SSL 3.0.
Basically, the hacking tool enables either a person or a program to hijack sessions, and none are as lucrative as those associated with financial websites and other services. The two boffins in question? Juliano Rizzo and Thai Duong, who will lift the curtain on their Browser Exploit Against SSL/TLS tool, called BEAST.
BEAST takes advantage of the information it collects to decrypt the target’s AES-encrypted requests, encrypted cookies among them, and follows that up by hijacking the no-longer-secure connection. The decryption process is rather slow though, as BEAST at the moment needs sessions of at least 30 minutes in order to break cookies by relying on keys of more than 1,000 characters in length. Have you got the heebie jeebies yet?