passing on from Opensuse, think this is the appropriate area.
regards
scsijon
-------------------------
Ever since rumors started to spread about Thai Duong and Juliano Rizzo's BEAST attack against SSL/TLS <http://www.infoworld.com/t/security/red ... ked-174025>, onlookers have fretted as to just how serious a threat it poses. In a nutshell, the attack is serious -- though for the time being, it's difficult to pull off because a would-be attacker has to work pretty hard to ensure that the target meets multiple preconditions. Unfortunately, the tools to pull off the attack are certain to evolve -- and many IT organizations aren't even taking the simple, necessary steps to protect themselves today.
The mere fact that the attack can be successful at all is significant. SSL/TLS is a VPN technology. VPNs are, by definition, supposed to keep your information safe even when it's being transmitted via an insecure network medium and a malicious party can intercept your protected traffic. The BEAST attack somewhat breaks SSL/TLS's VPN protections. In this sense, it's fairly important. With the right preconditions, a cyber criminal can steal your protected HTTPS cookie, which then essentially allows him or her to highjack your active HTTPS session. Make no mistake about it: The BEAST attack works as claimed.
[More]
http://www.infoworld.com/d/security/now ... 2011-10-04
--
You can always count on Americans to do the right thing - after they've tried everything else.
Sir Winston Churchill
--