1. browse
  2. congress
  3. 2016
  4. event
conference logo

The DROWN Attack

Breaking TLS using SSLv2

Sebastian Schinzel

Playlists: '33c3' videos starting here / audio / related events

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.

Download

Video

These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.

Subtitles

eng
 Help us to improve these subtitles!

Audio

Download mp3
eng 50 MB
Download opus
eng 42 MB

Related

Shut Up and Take My Money!
Reverse engineering Outernet
Law Enforcement Are Hacking the Planet
The Global Assassination Grid
How Do I Crack Satellite and Cable Pay TV?
Check Your Police Record!
The Fight for Encryption in 2016
Predicting and Abusing WPA2/802.11 Group Keys
Everything you always wanted to know about Certificate Transparency
Bootstraping a slightly more secure laptop

Embed

Share:

Tags