Thread: A security hole even Mac users need to watch for

http://www.techradar.com/news/internet/secret-net-security-f... An unusual cloak-and-dagger operation being run by internet security experts has been exposed this week, after details of a flaw in the SSL protocol were made public. The problem with the Secure Sockets Layer standard that keeps e-commerce websites, mail servers and more safe from attack was first discovered in August by a phone-security firm called PhoneFactor. PF (or am I)

The key fact from that article: So far, no actual exploits of the SSL flaw have been found in the wild... They found the flaw in August; I'm surprise they haven't already coded a fix for it. Of course this means probably every server and browser on the world will have to be updated.

While any SSL\TLS exploit is something that needs to be fixed, they are always pretty low on the totem pole of security risks to most people and environments. Or as Bruce Schneier put many years ago, if an SSL exploit is your biggest worry, you're doing better than everyone else...or something like that. And as a previous poster basically said, no SSL\TLS exploit since the early days of Netscape have so far led to widespread exploits.