Hanno Böck

Johannes Böck works as a freelance journalist and regularly covers IT security topics for the German IT news webpage Golem.de. He has written for several newspapers in the past and is the author of the monthly Bulletproof TLS Newsletter. Hanno also runs the Fuzzing Project, an effort to improve the security of free software applications.

URLs for Hanno Böck

No URLs found.

Talk Return of Bleichenbacher's Oracle Threat (ROBOT)

With a 19 year old vulnerability, we were able to sign a message with the private key of Facebook. I'll show how we found one of the oldest TLS vulnerabilities in products of 10 different vendors and how we practically exploited it on famous sites. I'll also discuss how the countermeasures introduced back in TLS 1.0 and expanded over the years failed to prevent this and why RSA PKCS #1 v1.5 encryption should be deprecated. Finally, I'll present what related problems are still present and unfixed in many popular TLS libraries.

Scheduled Instances of "Return of Bleichenbacher's Oracle Threat (ROBOT)"