Congrats to Fabian Bäumer, Marcus Brinkmann, Nurullah Erinola, Sven Hebrok, Nico Heitmann, Felix Lange, Marcel Maehren, Robert Merget, Niklas Niere, Maximilian Radoy, Conrad Schmidt, Jörg Schwenk, Juraj Somorovsky on the 2nd #ACSAC2024 Cybersecurity Artifacts Impact Award 👏👏👏
It is really ridiculous that disclosing crypto vulnerabilities is so hard nowadays. We can practically decrypt @fastly TLS sessions, and they ignore/misunderstand our disclosure for 2 months. Is that really so hard to understand TLS if you are a large CDN???
#WAC6 talks:
Another longer talk is dedicated to a "large-scale analysis of cryptographic dangers with TLS session tickets" by Sven Hebrok @xoimex.
The paper with @snachti, @jurajsomorovsky, et al. will be at USENIX'23.
Full workshop program: https://t.co/3cJT5Ypgi9
In our newest USENIX paper, @XoIMEX, @snachti, @marcelmaehren, @nerinola1, @ic0nz1, @JoergSchwenk, and me took a look at the TLS session ticket deployment in the wild and found diverse vulnerabilities: https://t.co/8UvZzFBflF (1/12)
Session tickets improve the TLS protocol performance. But what are the dangers associated with session tickets and how wide-spread are they?
Get the answers in @xoimex ’s large-scale analysis.
RuhrSec Ticketshop
👉 https://t.co/LiC7f1AIeq
🌐 https://t.co/sUEG9mxozf
#ITsecurity