In the last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32, to name some. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this was the end of secure communication on the Internet.
However, we have yet to see any real hacks that actually exploited one of the above-mentioned vulnerabilities.
This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications.
We will try to identify the SSL/TLS vulnerabilities that cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is).