Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.
This time, they've done some severe damage.
The attack they've devised doesn't work against all possible ways that TLS can be used; it requires you to capture somewhere between millions and billions of connections that all contain the same plaintext; and it only works well for the first 200 bytes or so of the transmitted data.
Nevertheless, it reveals a deep-rooted problem in using the RC4 encryption algorithm to secure your TLS traffic.
read more.......http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked/?utm_source=dlvr.it&utm_medium=twitter&utm_content=rss2&utm_campaign=Feed