A serious vulnerability in SSL v3 and previous versions of SSL protocol has been identified and made public on November 4, 2009. This makes every SSL site vulnerable to serious man-in-middle (MITM) attacks related to renegotiation. This vulnerability is due to the design of "session resumption" feature of SSL protocol.Who Gets affected? The impact of this issue is potentially significant. below are some points extracted from issue details, This attack has been demonstrated against recent versions of Apache httpd and Microsoft IIS, with a variety of clients. SSL is not secure anymore - Serious vulnerability identified in v3 & previous versions
What happens when one clicks on "Proceed to Checkout" on a website after browsing through their offerings? This is an analysis of the first milliseconds when an HTTPS connection with Amazon is established. A new page is loaded when proceeding to checkout: In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what's going on. The First Few Milliseconds of an HTTPS Connection
Understand the CROSS SITE SCRIPTING Vulnerability
Why Banked Blood Goes Bad It's been called the gift of life, but for many of the five million patients who receive blood transfusions every year, it can actually do more harm than good. It's a problem that doctors have been wrestling with for several years, as study after study shows a disturbing spike in heart disease and death in patients receiving transfusions. The trend affects almost every group of critically ill patients — from trauma sufferers in the ER to heart attack victims, patients with anemia and those undergoing chemotherapy. This increase in death and heart disease, doctors say, is unrelated to infectious blood-borne diseases or allergic reactions that often follow transfusions. "After you control for sickness and all sorts of things, patients who receive transfusions still have more heart attacks. It makes no sense," says Dr.