Hacker News new | past | comments | ask | show | jobs | submit login

This attack could only be potentially practical against web browsers, not other applications implementing TLS.



They claim to also be able to perform the attack on other applications using TLS (such as VPNs), not just web browsers.


Quite possibly, but this is about BEAST and the ability of loading malicious Javascript. Performing the feat of code injection on a non-browser application is something completely different. If something is injecting code into your native application or throwing known plaintext into your socket streams then you've already been compromised.


You don't need to inject code, you need to inject traffic. Injecting code into client is only one way to do that. For example in many VPN deployments you can inject traffic into secure channel directly.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: