
Hackers Break SSL Encryption Used By Millions Of Sites


First Posted: 09/20/11 10:59 AM ET Updated: 11/20/11 05:12 AM ET

The Register:

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

Read the whole story: The Register

Filed by Ramona Emerson
08:21 AM on 09/21/2011
"Huge Flaw Found In Gmail Security System"

Most misleading article I've seen in a while. Amateur reporters these days.
HUFFPOST SUPER USER
DungBeetle
Rolling Neocons Into A Ball
05:49 PM on 09/20/2011
I'm furious about this. Furious!
HUFFPOST SUPER USER
GrooveGrl4
03:35 PM on 09/20/2011
I recently had my debit card number stolen - I had the card in my possession at all times, yet someone managed to get the card number, the three digit number on the back of the card, AND my billing address, and the lady I talked to at Bank of America seemed to think that my number had been hacked. I wonder if this security vulnerability has anything to do with how my number was stolen, as I shop online exclusively through Amazon or "secure" sites that use PayPal or Google Checkout.
HUFFPOST SUPER USER
nohopepope2187
Honest † Impartial † Enlightening † Centrist
03:50 PM on 09/20/2011
I saw your problem halfway into your post: "Bank of America."
04:16 PM on 09/20/2011
Unfortunately, there's a number of ways this could have happened. It's theoretically possible that BofA, Amazon, PayPal, etc. got hacked. However, it's also possible that the numbers were copied when you were using the card to do an in-person transaction (at a restaurant, market, etc). A few years ago, for example, there was a scam at a number of cheap gas stations where they replaced the motherboard with one that copied and stored your information.
Eris23
Justice is in indefinite detention.
01:46 PM on 09/20/2011
"In an email sent shortly after this article was published, Rizzo said refinements made over the past few days have reduced the time required to under 10 minutes."

If they haven't bothered tweaking it to be CUDA enabled, it could possibly go down to 2 minutes from there. ;)
HUFFPOST SUPER USER
theveggiedude
my body is a temple, not a living graveyard
01:02 PM on 09/20/2011
The headline I saw was "Huge Flaw Found In Security System Used By Millions Of Sites" but apparently others saw something else, to do with Google.
HUFFPOST SUPER USER
garumphul
leave me alone, I don't want you as a friend
01:37 PM on 09/20/2011
Yeah, the original headline said it was the security system used by google mail (or something).

Obviously somebody looked at it, slapped around the tube that came up with the headline in the first place, and changed it to something a tad more accurate.

You should be careful... the sky is falling. Get a hat or something.
HUFFPOST SUPER USER
garumphul
leave me alone, I don't want you as a friend
12:34 PM on 09/20/2011
That's just about the worst, most misleading headline I've ever seen.

However, moving on from that to discuss the actual article..

It's a weakness in version 1.0 of TLS, which was released in 1999. Later versions (since 2006) are okay.

So.... if you're running an IIS or Apache server that hasn't been patched in the last 5 years, your company has probably been hacked into oblivion already, so this really won't affect you or your customers one little bit.

It's almost a non-story. I
HUFFPOST SUPER USER
garumphul
leave me alone, I don't want you as a friend
01:01 PM on 09/20/2011
Actually, I have to correct myself.

It seems that a total of zero sites support TLS above 1.0. IE has 1.1 and 1.2 disabled by default (but at least it has the option!), and both Chrome and Firefox only have support for 1.0.

So. I retract most of what I said above.

The sky is in fact falling. Frankie says: Run, hide yourselves.
HUFFPOST SUPER USER
DungBeetle
Rolling Neocons Into A Ball
05:49 PM on 09/20/2011
Correction not accepted. Sorry.
12:29 PM on 09/20/2011
Yes, only Gmail and Google use SSL... try doing some research before you write an article..
11:40 AM on 09/20/2011
WOW! HuffPost has sunk to a new low, somehow blaming Google and Gmail for a bug found in an Internet security protocol that's used by millions and millions of sites across the Web.

Was it too stressful having just a negative Apple headline up there, and you felt you had to balance it out?
11:24 AM on 09/20/2011
[["Huge Flaw Found In Gmail Security System"]]

HP what is wrong with you??

SSL is used by MILLIONS of sites..and is not unique to gmail alone..in fact pretty much everybody uses ssl.

Maybe it's time to look at letting non-Apple fanboys write articles for a change? The editorial quality of this HP section is laughable!
11:16 AM on 09/20/2011
"Huge Flaw Found In Gmail Security System"

Another misleading HP headline.