SSL is not secure anymore - Serious vulnerability identified in v3 & previous versions.

A serious vulnerability in SSL v3 and previous versions of the SSL protocol was identified and made public on November 4, 2009. This makes every SSL site vulnerable to serious man-in-the-middle (MITM) attacks related to renegotiation. This vulnerability is due to the design of the "session resumption" feature of the SSL protocol.

Who Gets affected?

The impact of this issue is potentially significant. Below are some points extracted from the issue details: This attack has been demonstrated against recent versions of Apache httpd and Microsoft IIS, with a variety of clients.

What is a Man-in-the-middle (MITM) Attack?

A man-in-the-middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
Below is a simple example of a successful MITM attack in simple terms (extracted from Wikipedia)

What is the Solution/Mitigation?

The First Few Milliseconds of an HTTPS Connection.

What happens when one clicks on "Proceed to Checkout" on a website after browsing through their offerings? This is an analysis of the first milliseconds when an HTTPS connection with Amazon is established. A new page is loaded when proceeding to checkout:

In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what's going on.

By agreement of RFC 2818, Firefox knew that "https" meant it should connect to port 443 at Amazon.com:

Most people associate HTTPS with SSL (Secure Sockets Layer), which was created by Netscape in the mid-90s.
It's a problem that doctors have been wrestling with for several years, as study after study shows a disturbing spike in heart disease and death in patients receiving transfusions. The trend affects almost every group of critically ill patients — from trauma sufferers in the ER to heart attack victims, patients with anemia and those undergoing chemotherapy. This increase in death and heart disease, doctors say, is unrelated to infectious blood-borne diseases or allergic reactions that often follow transfusions. "After you control for sickness and all sorts of things, patients who receive transfusions still have more heart attacks. It makes no sense," says Dr. Logically, and medically, patients who need transfusions — those with low blood counts — should benefit immediately from a transfusion of new oxygen-laden red blood cells.