I just read this story which explains how the Swiss Federal Institute of Technology
exploited a flaw in the SSL protocol to hijack an 8 character password from a bunch of SSL encrypted email logins.
I was surprised. What does the security community think of this?
http://www.newscientist.com/news/news.jsp?id=ns99993420
Also interesting, comments from SSL 3.0 designer Paul Kocher:
http://slashdot.org/articles/03/02/20/1956229.shtml?tid=93&tid=172
ap
