SSL creator slays BEAST

Hackers have "better things to do".

The inventor of SSL has labelled recent research into vulnerabilities in the SSL/TLS code as "over-sold".

The former secure sockets layer (SSL) champion at Netscape, Taher Elgamal, said the Browser Exploit Against SSL/TLS code (BEAST) was "powerful more than necessary".

Researchers Thai Duong and Juliano Rizzo revealed a vulnerability in versions 1.0 and earlier of TLS which allowed attackers to silently decrypt data that passed between a webserver and an end-user browser.

Duong and Rizzo had defeated SSL by breaking the underlying encryption it used to prevent sensitive data from being intercepted. They had used a JavaScript application and network sniffer to decrypt cookies.

But Elgamal said attackers would have "better things to do" than copy the exploit.

“If I can put malware on a machine, why should I read SSL?” he said.

“There is no issue with TLS 1.1 and everyone should be using the latest technologies, but the way this was published is so brash, it is so smart technically, but if I were an attacker I would have better things to do with my malware than read what people are doing, so why bother?”

Elgamal said the exploit was "technically clever" but it was "very over-sold".

“Trillion-dollar companies are worth going after and I am not defending the hackers, but these issues should be taken care of; this was over-marketed and that bothers me,” he said.

He said the unaffected TLS version 1.1 needs to be adopted by more users.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition