HTTPS, SSL attack vector discovered; fix is on the way
A security flaw that has been identified in the Transport Layer Security (TLS) protocol could open the door for man-in-the-middle (MITM) attacks against HTTPS communication. All implementations are said to be vulnerable because the flaw is in the protocol itself. Security researchers are taking steps to resolve the problem.
The flaw was originally found in August by researchers Marsh Ray and Steve Dispensa from security company PhoneFactor. They chose not to widely publicize the issue and began working in secret with other security experts and industry leaders to develop solutions. The flaw became known to the public this week when Martin Rex of SAP discovered it independently and posted a disclosure to the mailing list of the Internet Engineering Task Force.
