Researchers Break Browser Encryption That Protects The Internet

Do you use Gmail? How about Facebook? Maybe Amazon? All of these rely on SSL, an encryption technology that keeps what goes between you and a website private. It’s the little lock icon. Now two guys say they’ve cracked the code.

Thai Duong and Juliano Rizzo are these two guys. This week, The Register reports, they’ll show the world how to kill PayPal’s SSL with only an itsy bitsy piece of code, unravelling the entire encryption process and leaving your ostensibly private data open to eavesdroppers. The implications of this are massive.

The problem lies with what’s called TLS, the newest generation of SSL. TLS 1.0 is vulnerable. TLS 1.1 and 1.2 aren’t supported by any browsers. Websites don’t want to switch from 1.0, because they don’t want to lose everyone who visits their site. This is pretty complicated.

If an exploit is released into the wild, both browser devs and website operators will be forced — lest they wittingly put their users into a possible security nightmare — to upgrade to a more secure encryption version. The transition, I suspect, won’t be entirely smooth. But be glad Duong and Rizzo found it before someone who isn’t planning on demonstrating it to a legitimate security conference. [The Register]

