Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

Explore a comprehensive conference talk on the detection and classification of TLS padding oracle vulnerabilities in modern Internet implementations. Delve into the innovative three-step scanning methodology used to identify vulnerabilities in 1.83% of Alexa Top Million websites. Learn about the creation of probes, reduction techniques for large-scale scanning, and clustering of findings using graph drawing algorithms. Discover how CBC padding oracle attacks can be exploited without precise timing measurements, posing a greater threat than previously assumed. Gain insights into TLS protocol security, CBC encryption, padding oracles, and vulnerability identification techniques. Understand the implications of these findings for Internet security and the importance of addressing obsolete cryptographic algorithms in currently-deployed TLS versions.