Decade-old 'forbidden attack' vulnerability affects HTTPS Visa sites

A number of supposedly secure HTTPS sites owned by Visa are vulnerable to what has been dubbed the 'forbidden attack'. The security flaw makes it possible for hackers to inject content and code into sites, as well as opening up the possibility of performing man-in-the-middle attacks. A team of researchers have published a paper that shows how 70,000 HTTPS servers were vulnerable to the attack, and 184 were found to be particularly at risk. While many of the affected sites have since been patched, sites belonging to Visa and Polish banking associate Zwizek Banków Polskich remain insecure because of reusing… [Continue Reading]