Report: 90% of Internet’s top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack. Report is based on data from a new TIM project called SSL Pulse, which uses automated scanning technology developed by security vendor Qualys. The BEAST attack takes advantage of a flaw in SSL 3.0, allowing the attacker to grab and decrypt HTTPS cookies on an end user’s browser, effectively hijacking the victim’s session. A taskforce of security experts will review SSL governance issues and develop proposals aimed at fixing both SSL and the certificate authority systems.
Source: https://thehackernews.com/2012/04/90-ssl-sites-vulnerable-to-beast-ssl.html