Man-In-the-Middle Vulnerability For SSL and TLS

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Now the terrorists win.

[elucido]

So now that SSL is pretty much useless, lets assume the terrorists have all of our https and ssl secured credit card numbers. This is on top of the random number generator vulnerability in Windows which most people don't know about.

Re:We need to invest in Quantum Physics.

[Interoperable]

As someone doing graduate work in quantum information I can say that the same old measurement jokes really just aren't funny. That's it. No meta-joke, they're just not funny.

I can also say that we really should invest much, much more money into quantum physics. Buckets and buckets of money.