IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, speaking at the recent Blackhat event revealed a weakness in SSL, the security protocol that e-commerce ad banking websites use to protect private data such as credit card and login information. They showed how it is possible to fool a browser into thinking a rogie domain is in fact the bank, or trusted website it thinks its on. For more on this see http://www.wired.com/threatlevel/2009/07/kaminsky/ Firefox fixed this issue within days while it took Microsoft two months to fix it, which it did in this week’s “patch Tuesday” – this issue affected all Windows based browsers, including Safari and Google Chrome, because of the way certificates are handled by Windows. Firefox was only protected because they fixed it directly in the browser rather than depend on the OS to handle it.
This make is important to install the security updates this week, or better still, use Firefox as a browser, as it updates itself very efficiently.