Security hole in SSL implementation
Slashdot reports: “The folks at LASEC have found a flaw in the SSL protocol. Quoting Professor Serge Vaudenay from a BBC article the security problem is in ‘the SSL protocol itself and not in how we use it or how we implement it.’ Apparently the flow only affects webmail and not banking or credit card payments and took less than an hour (160 attempts) to crack.”
OpenSSL.org posted a security advisory regarding the issue.
Note: This was not a protocol issue, but an Implemenation issue.
