ALPACA gnaws through TLS protection to snarf cookies and steal data

Boffins find flaw in web security that enables certificate confusion

Academics from three German universities have found a vulnerability in the Transport Layer Security (TLS) protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks....