

Survey Finds Secure Sites Not So Secure - pwg
https://threatpost.com/en_us/blogs/survey-finds-secure-sites-not-so-secure-042712

======
lsh123
BS. The BEAST attack requires first injecting JS into the browser which in
turns requires being man-in-the-middle. After that all bets are off and there
are easier ways to hack the system.

Moreover, the only known solution on the server side - downgrading to RC4 (TLS
1.1+ is not supported on majority of the browsers). The cure is worse than the
decease.

