Does it affect your secure webserver?
You should know, if you accept credit cards or handle social security numbers on your website.
See these two articles for more expert information:
Testing:
This company will test your https connection. Here’s a example report.
https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fmillfalls.com&hideResults=on
From Lux-Sci: Real-world vulnerability? What is affected by BEAST?
This problem can affect people browsing secure web sites, allowing eavesdroppers to gain full access to your accounts on those web sites under certain conditions. It does not affect
- Other secured services such as email (IMAP, POP or SMTP) that use SSL or TLS for security.
- Use of SSL-secured web site connections for posting data (i.e. posting data from secure web forms)
It does affect:
- Accounts you may have with secure web sites that you login to, like PayPal, LuxSci, Gmail, Bank of America, Facebook, etc.
Solution:
It is not yet feasible to use a browser or webhost that supports TLS 1.2. For now, here is LuxSci’s advice:
The Take Away Message
People should always be concerned and aware of security as the landscape changes constantly. We think that beyond the need to upgrade and to implement software fixes, consider the following:
- We should actually use SSL and TLS whenever possible. Insecure sites puts our browser and computer at risk, as we have no control over what malicious third party may inject into our browsing session. SSL and TLS actually protect us from that threat.
- When going to secured web sites, it is best to start in a new browsing session or one that has only visited other secure (https://) sites.
- Make your home page a secure site and your other secure sites easily-accessed via bookmarks
- Use a separate web browsers for normal insecure browsing and for access to your secure sites.
- Keep your software, web browsers, operating system, anti-virus, and other components up to date.