About two months ago, I came across with a couple of interesting articles at the h-online.com regarding a vulnerability in SSL/TLS protocol which could lead to password theft. It is surprising that something we used to trust for years now has been compromised. At first I thought “what the heck..?!”. Indeed, what’s the point of choosing to use https or not at all. Well, the truth is that if you are investing in 100% security you are wasting your money. Unfortunately there is no such thing as 100% secure (at least for the time being). The good news is that there seems to be a solution to the TLS vulnerability. According to H-online:

The Internet Engineering Task Force (IETF) has ammended the RFC 5246 specification (Transport Layer Security [TLS] Protocol Version 1.2) and introduced a new renegotiation_info TLS extension which will store a connection’s cryptographic information.

If you ask me, there is nothing even close to 100% secure. The harsh truth is even when quantum cryptography will be applicable somehow, end-to-end security will still suffer from various kinds of attacks. Still having second thoughts every time you try to login somewhere..? In that case you should check out ForceHTTPS (a Firefox add-on) which forces https “every” time you hit the enter button.

ForceHTTPS allows sophisticated users to transparently retrofit security onto some insecure sites that support HTTPS.