Researchers have discovered a weakness in the SSL (secure sockets layer) protocol. SSL is used by nearly all websites who are trying to protect data being sent from the web server to the end users browser.
The vulnerability was discovered in versions 1.0 and earlier of TLS (Transport Layer Security). Although versions 1.1 and 1.2 of TLS aren’t vulnerable, not many websites or browsers support them, making encrypted transactions on the likes of PayPal, Banking sites and just about every other website, vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website being visited.
The demo will decrypt an authentication cookie used to access a PayPal account, Duong said. Two days after this research was first published, Google released a developer version of its Chrome browser designed to thwart the attack.
Good to see Google are on the case to fix this before it becomes an everyday issue. LEts hope the rest of the browser developer community can be quick to act.