SSL and HTTPS: Not So Strong?
Modernizing Authentication — What It Takes to Transform Secure Access
The research community at large is calling for serious changes to the SSL and HTTPS protocols that securely connect our systems and transmit our sensitive data. In particular, most of us fall into a false sense of security when using HTTPS/SSL. For example, did you know that the US government has a technique that allows it to read SSL-encrypted traffic? Another example of insecure protocols involves hackers exploiting certificate-warning mechanisms to trick a user into accepting a bad certificate, which then causes his or her credentials to be stolen. Can we really rely on HTTP/SSL as failsafe and completely secure protocol set?