Microsoft today said it will issue a Windows security update to plug a
long-known hole in the protocol that secures websites.
Although the flaw in SSL (secure socket layer) 3.0 and TLS (transport
layer security) 1.0, the follow-on Web encryption protocol to SSL, has
been known for about a decade, a practical exploit only surfaced last
week when a pair of researchers demonstrated what they called BEAST, for "Browser Exploit Against
SSL/TLS," a hacking tool that attacks browsers and decrypts cookies,
potentially giving attackers access to encrypted website log-on