Zero-day flaw found in Web encryption

Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used online retailers and banks to provide security for Web transactions.

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.

Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.

Read more of "Zero-day flaw found in web encryption" at ZDNet UK.

Tags:
Security
About the author
 

Discuss Zero-day flaw found in Web encryption

Conversation powered by Livefyre

This week on CNET News
Hot Products
Trending on CNET

CNET's top picks

9 vacuums you need to see

We’ve selected a variety of vacuums that offer something extraordinary – from a fantastically sturdy upright to a low-key bot with Roomba-level performance.