SSL encryption compromised

You know that little HTTPS: we all love to trust when we do online transactions.. well the old versions (TLS v1.0 and earlier) have been compromised.  This means a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a web-server and an end-user browser.

Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the destination website.

At this point the hack isn’t usable by the average weenie on some remote country, the processing power needed is extreme but as the code is improved it’ll become more important to rely on TLS v1.1+ to remain secure.  The major browsers will likely soon release a patch to implement TLS v1.2 but it’s up to the website to deploy the other end to ensure secure communication.

Just thought you should know in case you didn’t feel vulnerable enough already.

This entry was posted in Internet, Server, Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *