TLS posts - Security

November 5, 2009 8:50 AM PST

Zero-day flaw found in Web encryption

by Tom Espiner

16 comments

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.

Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.

Read more of "Zero-day flaw found in web encryption" at ZDNet UK.

Topics:: Vulnerabilities and attacks

Tags:: zero-day flaw,; encryption,; TLS,; SSL

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
Gallery
A real-world test of Google Goggles visual search (photos)
Wireless
AT&T resumes online iPhone sales in NY
It's once again safe to order an iPhone through AT&T's Web site if you live in New York, after an unexplained halt was enforced in the area over the weekend.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Behind the scenes of CBS's NFL coverage
Software, Interrupted
Android and iPhone users not so different after all
Android and iPhone usage patterns look very much alike. Can RIM and others keep up with the way users want to user their mobile devices.
Video
Deep-sea volcanic explosion--part 2 (video)
The Social
Facebook COO nominated to Disney board
Sheryl Sandberg, who has been chief operating officer of the social network for nearly two years now, will join the board if shareholders approve in March.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
Top-rated reviews of the week (photos)
Crave
Speculating on Chrome OS Netbook specs
If rumored specs for the Netbook prove true, it will house a Nvidia Tegra platform with an ARM CPU, a 10.1-inch multitouch screen that support HD, and much more.
Green Tech
Smart-grid spending to hit $200 billion by 2015
Technologies to automate and upgrade the grid will capture most of the $200 billion invested in modernizing electrical power systems, says Pike Research.