SSL Vulnerability

Last week, Cisco issued an advisory for a security vulnerability in TLS 3.0.  TLS (Transport Layer Security) is the protocol that defines the SSL connections used for encrypted Internet browser sessions — such as those used for shopping and banking transactions.  SSL is essential for secure and private communications on the web.

I heard about this man-in-the-middle vulnerability listening to Steve Gibson’s Security Now podcast.  Steve plans to go into the details in the upcoming episode.  I am not sure that it is time panic, but a fix for the problem is a high priority.  According to Computerworld, the attacker must be on your local area network.  That means anyone who wants to perform secure transactions should avoid open Wi-Fi hotspots or use a VPN to secure their traffic.  Keep your browser updated — fixes are sure to be coming soon.