SSL hacked - millions of sites at risk.

[no1_vern]

Hackers break SSL encryption used by millions of sites - The Register

Beware of BEAST decrypting secret PayPal cookies

By Dan Goodin

Posted in ID, 19th September 2011 21:10 GMT

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

Its ONLY a "proof of concept" exercise for now, how many hours before its in the wild is anyones guess.

[Taxmancometh]

I just new it could be done.

But see now here's the flaw.

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”

I run Noscript, so lets see if this could work on my end. HEHE.

[no1_vern]

I use NoScript myself, it is a good piece of software. How many of the hundreds of millions of 'netizens do you think actually use it?

[Taxmancometh]

World Internet Usage Statistics News and World Population Stats

2,117,080 users https://addons.mozilla.org/en-US/fir...ch/?q=noscript

[GroundZero3]

Im waiting for them to demo it, would be interesting to see how well it works out in the wild.

[Dude111]

People who do this REALLY SUCK!!!!!!!

The world is full of so much evil its not funny....

NOTHING IS SAFE FROM THESE SCUMBAGS

[Taxmancometh]

That's why you stay ahead of the game. Use Noscript and the exploit won't happen. I bet the author of Noscript will update the addon just for this.

[GroundZero3]

People who do this REALLY SUCK!!!!!!!

The world is full of so much evil its not funny....

NOTHING IS SAFE FROM THESE SCUMBAGS

You think this is really considered evil? I would give that label to murders, rapist, burglers, and people who prey on little kids that title.

Its just the internet Dude, dont take it so seriously. Plus if you are still running windows 98 you have bigger things to worry about security wise

[no1_vern]

World takes notice as SSL-chewing BEAST is unleashed • The Register

World takes notice as SSL-chewing BEAST is unleashed


Google, Microsoft, Mozilla patch cracks in net's foundation of trust

By Dan Goodin in San Francisco • Get more from this author

SNIP

With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds.

Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, Google researcher Adam Langley signaled his growing acceptance that secure sockets layer, the decade-old cryptographic standard that protects web addresses using the https prefix, was susceptible to an attack that previously was considered impractical. The result: by tampering with with an encryption algorithm's CBC – cipher block chaining – mode, hackers could secretly decrypt portions of the encrypted traffic.

Firefox devs mull dumping Java to stop BEAST attacks • The Register

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

[Taxmancometh]

My votes for Noscript again. Plus I use an addon called quickjava which allows me to keep Java off unless I need it for a particular website.

[Dude111]

You think this is really considered evil? I would give that label to murders, rapist, burglers, and people who prey on little kids that title.

Well why do they try to hurt people buddy??

People they dont even know,what have they done to them??

Its just so mean all the bad things people do to others online (Virus's,scams,etc)

[GroundZero3]

Dude if you take the internet too seriously you will never make it out alive

[Dude111]

Yea i guess thats true!!

I consider everyone to be a friend and thats sadly not the case..... THE INTERNET DEPICTS REAL LIFE