Bitcoin Forum

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Researchers claim to have a found a way to decrypt SSL traffic, needing about 10 minutes to crack the encryption. The article doesn't go into much detail on what is required for the attack to work, and it's just one post on the register... Still, careful out there.

Looks like it requires some JavaScript exploitation in order for this exploit to work, none the less if your not a white-hat expert your pretty vulnerable to these kind of things

Yep, it's a man-in-the-middle from what I can tell. So if you're on a trusted net connection and careful with your browsing, your risk should be fairly low. Public wifi etc. on the other hand...

It's TLS 1.0 that's broken, not SSL 1.0 ...

Thank you, was wondering when someone who actually bothers to read would point that out to people. ;p

With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?

Well, SSL 1.0 was broken a long time ago, never use it.



Yes Opera supports it very well. But this doesnt help you with IIS being the only common used web server with at least wacky and hidden support for it. So basically on the server side coverage tends to be zero.

Of course this may change now.

Stay tuned this Friday's release

http://www.h-online.com/security/news/item/Tool-cracks-SSL-cookies-in-just-ten-minutes-1346387.html