Here's what Netscape <a href=http://news.cnet.com/Netscape-patents-crypto-protocol/2100-1001_3-203307.html>said</a> in 1997, when it received the SSL patent:</p>

<p>"Netscape Communications (NSCP) quietly received a patent last month for one of the most popular types of encryption on the Internet, but the company says it will continue to give it away for free.</p>

<p>"The encryption in question is the Secure Sockets Layer protocol, or SSL. Both Navigator and Internet Explorer browsers use it to secure Web-based information, including credit card numbers, stock information, and private documents. Netscape applied for the patent back in 1995. The US Patent and Trademark Office granted the patent last month.</p>

<p>Even though SSL is heavily used in servers, browsers, and other networked products, Netscape said it has no plans to start charging developers for the source code or to impose other conditions.</p>

<p>"We don't want to discourage developers from using our platform," said spokesman Christopher Hoover. "An SSL license would be a real hurdle. It's not an income source that's necessary to exploit."

Guess now: which company bought the SSL patent from AOL last week?

"When a browser and a server launch a secure connection, they first have to decide which protocol versions they know, and settle on the most recent one known to both. Opera works with TLS 1.2, as does Internet Explorer 8 using Windows 7. Apparently, though, Apple's Safari, Mozilla's Firefox, and Google's Chrome do not, nor do many popular mobile browsers. This means that anyone using them might be vulnerable to a TLS 1.0 attack.<br />
<br />
"The attack, dubbed Browser Exploit Against SSL/TLS, or BEAST, lets a malicious party on a subverted network pass along scripting code that runs in a victim's browser when pages are requested."<br />
<br />
Security isn't having a very good year.

"DigiNotar — the CA that got hacked — announced bankruptcy yesterday. This is a very clear case where a company folded because it was hacked.<br />
"However, this is not the first time something similar has happened."<br />
<br />
Handful of examples. Notably absent: HBGary.

DigiNotar was the certification authority that the Dutch government used, until it got hacked (via a malicious Flash file embedded in Excel) and a set of SSL certificates issued fraudulently. "“Although we are saddened by this action and the circumstances that necessitated it,” said T. Kendall Hunt, VASCO’s Chairman and CEO, “we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology."<br />
<br />
One wonders how you can say that, though.