Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
Should we freak out? Yes and no. This version of SSL is old—15 years old—and most sites don't use it anymore. However, sites often keep older versions as a fallback, which can expose them to the vulnerability, and people who'd want to prey upon someone's online security have ways to trick sites into using the vulnerable version.
Google has some tips on how to disable a fallback to 3.0, and if everyone followed their guidelines it would mostly solve—or at least seriously mitigate—the problem. But like we found with Heartbleed, trying to get every website on the internet to change the way it does something is damn near impossible. [Google via Yahoo]
source: gizmodo.com by Alissa Walker