Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:The problem is not Java (Score 1) 309 309

No matter what we do to the browser's TLS implementation, this attack would still be possible via Java, because Java has its own TLS implementation.

We are already working on proactively mitigating any improvements on the BEAST attack that could be made to work using native browser features that would be affected by changes to our TLS implementation. But, right now, there are no known ways to implement the attack using built-in browser features.

Comment: Re:Won't help (Score 1) 309 309

There may indeed be other vectors for an attack that use built-in browser features. However, some characteristics of how the browser manages connections and how it formats HTTP requests would defeat most (all, as far as we know at this time) variations of the attack that use built-in browser features.

Comment: Re:Java still there (Score 1) 309 309

Implementing that workaround in the browser will not help when the attacker users Java, because the Java Plugin does not use the browser's TLS implementation; it uses its own.

An Oracle engineer is the one that came up with that technique for interfering with the exploit.

We are going to implement it. I am finalizing the patch now.

"Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come." --Matt Groening

Working...