1. browse
  2. congress
  3. 2016
  4. event
conference logo

The DROWN Attack

Breaking TLS using SSLv2

Sebastian Schinzel

Playlists: '33c3' videos starting here / audio / related events

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.

Download

Video

These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.

Subtitles

eng
 Help us to improve these subtitles!

Audio

Download mp3
eng 50 MB
Download opus
eng 42 MB

Related

The Fight for Encryption in 2016
Bootstraping a slightly more secure laptop
Deploying TLS 1.3: the great, the good and the bad
The Global Assassination Grid
Shut Up and Take My Money!
Everything you always wanted to know about Certificate Transparency
Predicting and Abusing WPA2/802.11 Group Keys
Exploiting PHP7 unserialize
Reverse engineering Outernet
How Do I Crack Satellite and Cable Pay TV?

Embed

Share:

Tags