The good news about the discovery that the encryption procedure behind Secure Socket Layer and Transport Layer Security has been compromised is that the newest versions of both SSL and TLS are still safe and they have been available for a while now. The bad news is that not only do only a tiny handful of websites utilize TLS 1.1/1.2 and SSL 3.0, most browsers don’t even support the updated protocols. Oddly Internet Explorer and Internet Information Services both support the newer protocols, though they are not enabled by default; the only one that does have TLS 1.2 enabled by default is Opera.
"Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser.
The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting."
Here is some more Tech News from around the web:
- Ultrabook platform may not benefit ODMs @ DigiTimes
- Intel downstream partners request CPU price drop @ DigiTimes
- Intel sets to invest NT$300 million in software designer Insyde @ DigiTimes
- Microsoft’s high-risk Windows 8 .NET switch @ The Register
- A Look at the Windows 8 Developer @ SemiAccurate
- Cisco plans virtual switch for Hyper-V in Windows Server 8 @ Ars Technica
- Apple makes a hash of password security (again) @ The Register
- Intel X79 chipset and Socket 2011 are ready for the desktop @ The Register
- Asus WL-330N3G 6 in 1 Wireless-N Mobile Router Review @ eTeknix
- Olympus PEN E-PM1 Review @ TechReviewSource
- XDC2011 Chicago Recap: Open-Source Graphics, GPGPU, OpenGL 3.0 @ Phoronix
- Name the Browser Contest – 2 Days Left! @ NGOHQ
- Win a Dell XPS Laptop with Overclock3D & Dell Outlet