Poor SSL. It’s been the standard for so long, but it’s had a rough go of it the last few months. First there were the breaches at Comodo and Diginotar, allowing intruders to generate seemingly-authentic certs to trick users, and now this.
In particular, security researchers Juliano Rizzo and Thai Duong have built a tool that’s capable of decrypting and obtaining the authentication tokens and cookies used in many websites’ HTTPS requests. “Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing,” they said.