New web attack on SSL/TLS using BEAST
In the link below, the POC mentioned injecting the JS through use of an iframe ad or just loading the BEAST JS into the browser; thereafter comes the second stage of sniffing and decrypting the HTTPS cookie to hijack the secure session. It seems like CSRF, but not really, since it is claimed to decrypt the cookie prior to all this. I hope that I did not misunderstand the process.
http://threatpost.com/en_us/blogs/n...ies-091611
It reminds me of the SSL renegotiation saga, in which the initial response was to disable such protocol exchange since it's a protocol design issue. For this BEAST attack, before they say the crypto is flawed, I doubt we can even say to go ahead and disable use of SSL/TLS 1.0.
Hence, looking ahead (before the POC is released, if it is), will F5 ASM be using a signature detection approach or, better still, have an iRule to prevent its hijacking (code injection) from even happening?
Thanks
Bernard