
I'm looking for the best way to describe the Browser Exploit Against SSL/TLS (BEAST) attack to non-technical people, without being too general.

So I am not looking for: "did you ever notice the lock in your browsing ensuring it is a secure connection?! When you are vulnerable to BEAST, it is not a secure connection anymore."

Anyone know a better way to explain this particular vulnerability to non-techies?

Gewure
aentgood
  • This is a site for techies. – Konrad Gajewski Aug 28 '15 at 04:30
  • This may sound a little odd, but I think your 'not looking for' explanation is actually pretty sound :) Maybe you could define it in more detail, by adding another metaphor, like: 'BEAST makes your lock accept any key, just like a lock which has been modified'. – Gewure Aug 27 '15 at 12:06
  • LOL, I know it is pretty sound, but I think it is too high-over. The vulnerability in that case is equal to "Heartbleed", which it obviously isn't. So a little less high-over but as understandable for non-technical people. – aentgood Aug 27 '15 at 12:12
  • Hmmm. I don't agree, 'cause Heartbleed is more like... well, you can explain Heartbleed perfectly with this comic: https://xkcd.com/1354/ BEAST is rather a bypassing of Diffie-Hellman by being able to manipulate Alice and Bob's 'telephone', speaking in metaphors; while Heartbleed is a remote flaw in the protocol, allowing to recover sensitive information from the server's memory. – Gewure Aug 27 '15 at 13:48
  • I agree with you. In a technical way, they do differ. In a non-technical way, still the profound secure line isn't secure anymore. But that is why I am looking for a way to explain BEAST in a more advanced way to non-technical people. So it is specific enough for BEAST, but not about bypassing Diffie-Hellman and other tech slang. – aentgood Aug 27 '15 at 13:58

0 Answers