Security 10808 Published by

ComputerWorld posted a story that Microsoft today said it will issue a Windows security update to plug a long-known hole in the protocol that secures websites.



Although the flaw in SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0, the follow-on Web encryption protocol to SSL, has been known for about a decade, a practical exploit only surfaced last week when a pair of researchers demonstrated what they called BEAST, for "Browser Exploit Against SSL/TLS," a hacking tool that attacks browsers and decrypts cookies, potentially giving attackers access to encrypted website log-on credentials.
  Microsoft promises patch to block BEAST attacks