Then we find out that researchers have discovered A vulnerability resides in versions 1.0 and earlier of TLS. Their new tool, BEAST, is going to be released at the Ekoparty Security Conference. Our intrepid researchers say they've figured out a way to defeat SSL by breaking the underlying encryption it uses:
“While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”This is also being discussed on the ISC Diary and other places, as there is some debate on whether or not this type of attack was discussed already in an earlier paper. Google has already included a work around in the developer version of Chrome, but i don't think there has been word on when the fix/ work around will be introduced in the consumer version of the browser.
Much going on in the SSL/TLS world still........