Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.
"Opera remains the only browser that deploys TLS 1.2 by default."
Opera remains the only browser that deploys TLS 1.2 by default.
(3. Enable TLS 1.2 in Internet Explorer, which is off by default I read. I don't know how you do that.)
That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour
There is no TLS 1.2 box in IE9. There is only TLS 1.0 box.
it's probably going to contain more than just a password
However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable
Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.
I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.
Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.
There is in mine, maybe it it dependent on the operating system you are running?
I see TLS 1.0, 1.1, 1.2