I am sure some of you are aware of the new exploit of SSL connections. We have had secure connections and took them for granted. BEAST can crack the cookie and enter your account long after you closed your browser. For those who are selling online this is a very important issue and steps should be taken ASAP. Read the detailed report in the TechRepublic article at the following link.
OK, so I understand what it is saying, but at the same time I don't get it. Is it saying that this BEAST can place fake orders? Or is it saying that it can rip credit card information?
What it means is that encryption using TLS (Transport Layer Security) 1.0 or below is no longer secure. Thus, any data so encrypted are vulnerable.
CC info is not stored in a cookie. Or better not be. But yes, somebody could use the info to place orders on your account, if the site has one of those "use previous information" functions. Then they have it shipped to their location.
Only if the merchant does not verify CVC and use strict AVS.
Originally Posted by DonOmite
BEAST was sensationalised by the press as most people don't use TLS 1.0.
SSL has been broken for a long time, but BEAST didn't really do anything new... It was just more graceful.
I like to compare it with FireSheep. It wasn't a new idea, just easy to adopt and sell for a profit. It made a somewhat esoteric hacking principle into something any script kiddie could do.