This presentation overlaps with this paper: C. Meyer and J. Schwenk, Lessons Learned From Previous SSL/TLS Attacks - A Brief Chronology Of Attacks And Weaknesses.

Here's the book I mentioned during the question period: C. Stoll, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday, 1989.

And there's yet another attack I found out about just now: The Lucky Thirteen Attack:

* S. Vaudenay, Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS. In Proc. EUROCRYPT 2002.
* The takeaway here is that this is the *third* time that the timing side-channel involving CBC padding has been fixed. Writing code that runs in constant time regardless of its inputs is hard on modern out-of-order, CISC architectures with optimizing compilers. Did I say "hard"? I meant "fiendishly difficult". As in, "writing a constant-time implementation might get you published" difficult.

The real design flaw here is that the MAC is not the very last thing applied before transmission. The receiver has to decrypt and de-pad the message before it can verify the MAC. This leaves a timing side-channel: improperly-padded messages are rejected faster than properly-padded messages with invalid MACs. That was patched by also verifying the MAC on improperly-padded messages, but it turns out that you can make Bob's HMAC cover one extra block on an improperly-padded message. Timing side-channel!

The correct construction is either Encrypt-then-MAC or an Authenticated Encryption with Associated Data (AEAD) block-cipher mode. Looks like the only immediate mitigation is to prioritize the use of RC4 (a stream cipher) in your TLS configurations. The longer-term fix is to switch to TLS 1.2's AEAD cipher suite(s) (AES-GCM seems to be the only AEAD suite).

Adam Langley's Blog:

* Langley works for Google. He's in charge of the TLS stack for Chrome.
* About Chrome's CRL Sets:
* Diagrams showing the compression attack:

Mozilla Security Blog:

* Comodo revocation:
* DigiNotar revocation:
* TurkTrust revocation:

Mozilla Certificate Policy:

* WIP Version:

G. V. Bard, A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL.

J. Kelsey, Compression and Information Leakage of Plaintext.

BEAST and CRIME were demonstrated by Juliano Rizzo (independent) and Thai Duong (Google) at Ekoparty 2011 and 2012 respectively. I can't tell that there are any publications associated with this conference.
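As an added illustration of the MAC-then-encrypt design flaw discussed above (example code written for these notes, not code from the talk or from any of the cited papers), the following Python models both receivers: a MAC-then-pad-then-encrypt receiver that rejects bad padding before doing any MAC work, and an Encrypt-then-MAC receiver that authenticates the ciphertext first, so padding is never inspected on a forged record. A toy Feistel cipher stands in for AES, and each `open` function returns the list of steps it performed in place of a wall-clock measurement; keys, IV and message in the comments are constructed sample values.

```python
import hmac, hashlib
BLOCK, TAG = 16, 32
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()

def feistel(key, block, rounds):
    # Toy 4-round Feistel cipher standing in for AES (illustration only); reversed rounds decrypt.
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, xor(l, mac(key, bytes([i]) + r)[:8])
    return r + l

def cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out += xor(feistel(key, blk, range(3, -1, -1)), prev)
        else:
            blk = feistel(key, xor(blk, prev), range(4))
            out += blk
        prev = blk  # CBC chains on the ciphertext block either way
    return out

def pad(data):  # PKCS#7-style padding, as in TLS 1.0 CBC records
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n
def unpad(data):  # returns None on malformed padding
    n = data[-1]
    return data[:-n] if 1 <= n <= BLOCK and data[-n:] == bytes([n]) * n else None

def mte_seal(mk, ek, iv, body):  # SSL/TLS-style: MAC, then pad, then encrypt
    return cbc(ek, iv, pad(body + mac(mk, body)))

def mte_open(mk, ek, iv, ct):
    # Returns (body or None, steps taken); the step list models the timing gap between rejection paths.
    msg = unpad(cbc(ek, iv, ct, decrypt=True))
    if msg is None:
        return None, ["decrypt", "unpad"]  # rejected before any MAC work: the observable difference
    body, tag = msg[:-TAG], msg[-TAG:]
    return (body if hmac.compare_digest(tag, mac(mk, body)) else None), ["decrypt", "unpad", "mac"]

def etm_seal(mk, ek, iv, body):  # Encrypt-then-MAC: the tag covers IV and ciphertext
    ct = cbc(ek, iv, pad(body))
    return ct + mac(mk, iv + ct)

def etm_open(mk, ek, iv, ct):
    if not hmac.compare_digest(ct[-TAG:], mac(mk, iv + ct[:-TAG])):
        return None, ["mac"]  # every forgery stops here; padding is never inspected
    return unpad(cbc(ek, iv, ct[:-TAG], decrypt=True)), ["mac", "decrypt", "unpad"]
```

With a 20-byte message (52 bytes with the tag, so 12 bytes of padding), flipping the pad-length byte through the previous ciphertext block makes `mte_open` stop after `unpad`, while flipping a byte in the first block leaves the padding intact and runs the full MAC check; `etm_open` returns `["mac"]` for both.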