Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser.
The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.
The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.
Related Posts: On this day...
- New Orleans cancels plans for Super Bowl drone - 2012
- HOWTO: Record the Cops: A guide to the technology for keeping government accountable - 2010
- How becoming a Stoic can make you happy - 2010
- PA school board pays $33K settlement for searching kid's phone and referring seminude self-portraits to DA for criminal prosecution - 2010
- MIT's Project "Gaydar" - 2009
- RIAA's in-school propaganda asks kids to act as unpaid PR staff - 2009
- Porn Is Losing Its Steam - 2008