Two security researchers are calling for an industry-wide response to fix a serious vulnerability they discovered in the SSL protocol, used widely on the Internet for secure data transfers. But a noted network security researcher says the vulnerability has very little impact on most users and will not result in data loss.
Moxie Marlinspike, a security researcher who has discovered high- profile security flaws, said the vulnerability has extremely limited value in practice. The attack is not designed to intercept traffic. Instead code is injected revealing nothing to the attacker, Marlinspike said.

"It has virtually no impact on the majority of users in the common case of how SSL/TLS is deployed," Marlinspike wrote in an email message. "It doesn't affect your webmail, online banking or online shopping experience."

The link for this article located at SearchSecurity is no longer available.