{"id":1319,"date":"2011-09-23T21:03:59","date_gmt":"2011-09-23T21:03:59","guid":{"rendered":"http:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/"},"modified":"2011-09-23T21:03:59","modified_gmt":"2011-09-23T21:03:59","slug":"beast-utok-na-ssl-v3-0-a-tls-v1-0","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/","title":{"rendered":"BEAST attack on SSL v3.0 and TLS v1.0"},"content":{"rendered":"<p><a href=\"http:\/\/twitter.com\/#%21\/julianor\">Juliano Rizzo<\/a> and <a href=\"http:\/\/twitter.com\/#%21\/thaidn\">Thai Duong<\/a>, who last year disclosed the serious padding oracle attack (a description was also published on <a href=\"https:\/\/www.nethemba.com\/sk\/blog\/-\/blogs\/35002\">our blog<\/a>), a few days ago at <a href=\"http:\/\/www.ekoparty.org\/\">Ekoparty<\/a>, the largest security conference in South America, demonstrated a serious vulnerability in the SSLv3\/TLS v1.0 protocol, which is used massively in most encrypted connections such as HTTPS, IMAPS, POP3S, SMTPS and other protocols that rely on SSLv3\/TLSv1. 
They built a practical implementation of the hitherto theoretical <a href=\"http:\/\/eprint.iacr.org\/2004\/111.pdf\">&#8220;chosen-plaintext recovery&#8221; attack on SSL from 2004<\/a> and used it to demonstrate decryption of an HTTPS connection to <a href=\"https:\/\/www.paypal.com\/\">https:\/\/paypal.com<\/a>, from which they were able to obtain the encrypted &#8220;cookies&#8221; and thereby compromise the entire HTTPS connection (<a href=\"http:\/\/www.openssl.org\/~bodo\/tls-cbc.txt\">more information about these &#8220;theoretical&#8221; problems from 2004<\/a>).<\/p>\n<p>To carry out the attack successfully, the attacker must be &#8220;in the middle&#8221; between the client and the target server: he must be able to eavesdrop on the TCP connections between that client and server and must also be able to mount a MITM (Man-In-The-Middle) attack, that is, to modify an unencrypted HTTP response sent by a server to the client (which is what the attack uses in practice). I note that secure &#8220;end-to-end&#8221; encrypted SSL\/TLS connections are precisely those that an attacker &#8220;in the middle&#8221; cannot endanger in any way, or where any attempt of his is detected by the client or server (the certificates do not match and the client is shown a prominent warning). As we will see below, that does not hold for the attack described here.<\/p>\n<p><strong>How does the attack work?<\/strong><\/p>\n<p>1. You open an unencrypted connection to, in principle, any unencrypted HTTP page. 
Since the attacker has full control over your unencrypted connections, he performs a simple MITM attack and injects his own malicious JavaScript code into the HTTP response sent to you.<\/p>\n<p>2. This malicious JavaScript of course runs in your browser and opens an encrypted connection to <a href=\"https:\/\/www.paypal.com\/\">https:\/\/www.paypal.com<\/a> (for example via &lt;img src=&quot;https:\/\/www.paypal.com&quot;&#8230;&gt;), so the script does not need to run in the SOP (Same-Origin-Policy) context of the www.paypal.com domain at all.<\/p>\n<p>3. Because the attacker eavesdrops on (sniffs) all TCP connections between you as the client and the www.paypal.com server, he can of course also capture the content of the encrypted connection between your browser and www.paypal.com (which was generated by his script when it opened <a href=\"https:\/\/www.paypal.com\/\">https:\/\/www.paypal.com<\/a>). Because the attacker knows exactly what his injected JavaScript sent from the browser, he has both the captured encrypted data (&#8220;ciphertext&#8221;) and the unencrypted data that his script sent (&#8220;plaintext&#8221;), and can proceed with the &#8220;chosen-plaintext recovery&#8221; attack. Within a few minutes, using ordinary computing power, the attacker can reveal the so-called 
&#8220;initialization vector&#8221; for the given secure connection (specifically, this is <a href=\"http:\/\/eprint.iacr.org\/2004\/111.pdf\">exploitation of the weak initialization vector vulnerabilities in SSL\/TLSv1, which were described as early as 2004<\/a>).<\/p>\n<p>4. Knowledge of this initialization vector is enough for the attacker to reveal\/decrypt the secure authentication &#8220;cookies&#8221; that are subsequently sent over that encrypted HTTPS connection.<\/p>\n<p>5. The attacker can replay the revealed &#8220;cookies&#8221;, thereby automatically gaining full access to the account (in our case <a href=\"https:\/\/www.paypal.com\/\">https:\/\/www.paypal.com<\/a>) to which the client is already logged in, so he can see everything and perform any action on the client's behalf.<\/p>\n<p><strong>Basic prerequisites for a successful BEAST attack:<\/strong><\/p>\n<p>1. The client must have JavaScript enabled in the browser (which is the case today for more than 99% of all browsers).<\/p>\n<p>2. The attacker must be &#8220;in the middle&#8221; between the client and the server and must also be capable of an active MITM attack (that is, able to modify an HTTP response in order to inject his own forged JavaScript).<\/p>\n<p>3. The attacker must know in advance which secure HTTPS site the client will visit (so that he knows which JavaScript to plant).<\/p>\n<p>4. 
The attacker must have enough time to collect and analyse the data captured between the client and the server (on the order of half an hour, which will of course only decrease in the future).<\/p>\n<p>5. For the encrypted connection that the attacker compromises (e.g. <a href=\"https:\/\/www.paypal.com\/\">https:\/\/www.paypal.com<\/a>), the client must use the same browser (session), without closing and restarting it or switching to another browser &#8211; all of this from the moment the attacker forces the client, via the injected JavaScript, to open the encrypted connection to <a href=\"https:\/\/www.paypal.com\/\">https:\/\/www.paypal.com<\/a>, which he then eavesdrops on in its encrypted form.<\/p>\n<p>6. Of course, the attacker can perform actions as the client only while the client's connection is active (once the client voluntarily logs out of PayPal, the attacker also loses control over this site &#8211; unless, of course, he managed to change the password beforehand :-)<\/p>\n<p>As you can see, there are relatively many conditions required for a successful attack; nevertheless, this is definitely not a theoretical attack but a purely practical one that is not hard to carry out (especially if the attacker has full access to the client's infrastructure and can guess which SSL sites the client visits).<\/p>\n<p><strong>Solution:<\/strong><\/p>\n<p>The TLS v1.1 and v1.2 protocols are not vulnerable to this attack; unfortunately, 
they are supported only by Internet Explorer and Opera &#8211; the other browsers (Google Chrome, Firefox, Safari and probably most mobile browsers) do not support these newer protocols. At least Google has already reacted and <a href=\"http:\/\/www.theregister.co.uk\/2011\/09\/21\/google_chrome_patch_for_beast\/\">released a patch for Chrome<\/a>.<br \/>\nSupport for TLS v1.1\/v1.2 is similarly very poor among web servers on the Internet (according to Opera, only 0.25% of all web servers). Unfortunately, this is because the stable version of OpenSSL still does not support TLS v1.1 (it is supported only in &#8220;development&#8221; versions of OpenSSL), so services built on OpenSSL naturally do not support it either. Another understandable reason TLSv1.1\/v1.2 were not used was, of course, that until now there was no need for these newer protocols &#8211; no real attacks against SSL v3.0 and TLS v1.0 existed.<br \/>\nThe BEAST attack primarily concerns the AES implementation of TLS 1.0, so the solution is to prefer the RC4 symmetric cipher. Here is a secure configuration for the Apache web server:<\/p>\n<p><code>SSLHonorCipherOrder On<br \/>\nSSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH<\/code><br \/>\n<strong>How to protect yourself against the BEAST attack?<\/strong><\/p>\n<p>1. Definitely do not stop using encrypted SSL\/TLS connections; use the most up-to-date browser versions, which already have this flaw fixed.<\/p>\n<p>2. 
When accessing encrypted sites, use only direct access via https:\/\/ (do not click through from an unencrypted http:\/\/ connection); it is a good idea to save these direct links to the encrypted versions of sites in your browser bookmarks.<\/p>\n<p>3. Use one browser for accessing encrypted sites and a different one for unencrypted sites.<\/p>\n<p><strong>More information:<\/strong><\/p>\n<p><a href=\"http:\/\/www.theregister.co.uk\/2011\/09\/19\/beast_exploits_paypal_ssl\/\">Beware of BEAST decrypting secret PayPal cookies<\/a><\/p>\n<p><a href=\"http:\/\/www.theregister.co.uk\/2011\/09\/19\/beast_exploits_paypal_ssl\/\">Hackers break SSL encryption used by millions of sites<\/a><\/p>\n<p><a href=\"http:\/\/luxsci.com\/blog\/is-ssltls-really-broken-by-the-beast-attack-what-is-the-real-story-what-should-i-do.html\">Is SSL\/TLS Really Broken by the BEAST attack? What is the Real Story? 
What Should I Do?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Juliano Rizzo and Thai Duong, who last year disclosed the serious padding oracle attack (a description was also published on our blog), a few days ago at Ekoparty, the largest security conference in South America, demonstrated a serious vulnerability in the SSLv3\/TLS v1.0 protocol, which is used massively in most encrypted connections such as HTTPS, IMAPS, POP3S, SMTPS and other protocols [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[695,696,697,698],"class_list":["post-1319","post","type-post","status-publish","format-standard","hentry","category-uncategorized-cs","tag-beast-cs","tag-beast-utok-cs","tag-ssl-3-0-cs","tag-tls-v1-cs"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BEAST \u00fatok na SSL v3.0 a TLS v1.0 - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BEAST \u00fatok na SSL v3.0 a TLS v1.0 - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Juliano Rizzo and Thai Duong, ktor\u00ed minul\u00fd rok odhalili v\u00e1\u017en\u00fd Oracle Padding \u00fatok (jeho popis 
bol zverejnen\u00fd aj na na\u0161om blogu), pred p\u00e1r d\u0148ami na najv\u00e4\u010d\u0161ej bezpe\u010dnostnej konferencii v Ju\u017enej Amerike Ekoparty demon\u0161trovali v\u00e1\u017enu zranite\u013enos\u0165 v SSLv3\/TLS v1.0 protokole, ktor\u00fd je mas\u00edvne vyu\u017e\u00edvan\u00fd vo v\u00e4\u010d\u0161ine \u0161ifrovan\u00fdch spojeniach ako HTTPS, IMAPS, POP3S, SMTPS a in\u00fdch protokoloch [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2011-09-23T21:03:59+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"BEAST \u00fatok na SSL v3.0 a TLS v1.0\",\"datePublished\":\"2011-09-23T21:03:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\"},\"wordCount\":1230,\"commentCount\":0,\"keywords\":[\"beast\",\"beast 
\u00fatok\",\"ssl 3.0\",\"tls v1\"],\"articleSection\":[\"Uncategorized @cs\"],\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\",\"url\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\",\"name\":\"BEAST \u00fatok na SSL v3.0 a TLS v1.0 - Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"datePublished\":\"2011-09-23T21:03:59+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/cs\/beast-utok-na-ssl-v3-0-a-tls-v1-0\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/cs\/home-new-2025\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BEAST \u00fatok na SSL v3.0 a TLS v1.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol 
Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=1319"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1319\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=1319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=1319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=1319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}