Researchers have found a critical flaw in the way the SSL and TLS web encryption protocols operate, one that would allow a malicious party to take the place of the user.

How to get into a "secure" communication.

The first problem is that the researchers have published the results of their work, explaining how to go about exploiting the vulnerability. The second is that they believe the breach affects the very operation of TLS and SSL, which means that any fix will take considerable time and may never emerge.

The weak link is in the cryptographic authentication process. While the client and the server are validating their communication, a gap in their exchange allows an attacker to hijack the flow of data. The result is a classic man-in-the-middle attack, and the attacker can execute transactions on behalf of the victim.

Does TLS need a replacement?

A report was submitted by a consortium dedicated to Internet security and sponsor companies such as Cisco, IBM, Intel, Juniper Networks, Microsoft and Nokia. The IETF (Internet Engineering Task Force) and various open source projects that implement SSL have also been alerted.

The latest SSL flaw dated back to last summer (see "A flaw in the SSL certificate revealed") and related to licenses. We will have to wait to see the real scope of the problem and its popularity among attackers, but it is clear that TLS is beginning to show serious signs of weakness.