Most SSL Sites Vulnerable
Aug 09, 2011, 22:00
"One example of a declarative protection measure is the use of
the secure flag for cookies. Ristic explained that even for sites
that are 100 percent SSL encrypted, if they don't set the secure
flag on their session cookie, those cookies can be sniffed by an
attacker...
"Ristic explained that the secure cookie flag is supposed to be
set in the application itself. Setting a secure cookie is as easy
as adding the word 'secure' in the settings for the cookie. Qualys'
examination only found that 14,506 or approximately six percent of
their survey base had properly configured secure cookies. Put
another way, 94 percent of SSL cookies could be at risk."