Talk: TLS attacks and the burden of faulty TLS implementations
2016-07-11
TLS is by far the most important cryptographic protocol in use today. In recent years TLS has received much more attention from security researchers. Implementation errors like Heartbleed and protocol bugs like BEAST, Lucky Thirteen, DROWN and many more have made headlines.
Faulty implementations can enable attacks. In some cases they can even be a security risk for uninvolved third parties and endanger the whole TLS ecosystem. So-called enterprise devices that have their own TLS stack are an especially frequent reason for concern.
The speaker will give an overview of implementation errors that happened in various TLS stacks and will shed light on this underappreciated problem.
Hanno Böck started the Fuzzing Project in 2014 as an effort to improve the security of free software code. In May the Linux Foundation's Core Infrastructure Initiative decided to fund this work. He is also working as a freelance journalist and regularly writes about IT security issues for various publications. He is the author of the monthly Bulletproof TLS Newsletter.