Zero-day flaw found in Web encryption

Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used online retailers and banks to provide security for Web transactions.

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.

Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.

Read more of "Zero-day flaw found in web encryption" at ZDNet UK.

Tags:
Security
About the author
 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

TechProbe Volunteers Wanted: Huawei Mate 7

Your chance to test drive and keep the Huawei Mate 7 phone

Tell us about the technology you're using right now, and how a smartphone could help you in your professional life.