Zero-day flaw found in Web encryption

Flaw is found in the Transport Layer Security and Secure Sockets Layer protocols, which have typically been used online retailers and banks to provide security for Web transactions.

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.

Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.

Read more of "Zero-day flaw found in web encryption" at ZDNet UK.

Featured Video

Apple dethroned as world's most highly valued company

An old foe with a new name took the title away from Cupertino. Also, Yahoo's looking at yet another big shake-up.

by Iyaz Akhtar