As you may have read, there have been reports of a new Exploit Kit released for the SSL/TLS Information Disclosure Vulnerability Zero Day called Browser Exploit Against SSL/TLS (BEAST). From SANS, "this hacking tool attacks browsers and decrypts cookies, potentially giving attackers access to encrypted website log-on credentials if the traffic is intercepted." They also note that it's important to understand that the BEAST exploit is actually a combination of two exploits:
2) An exploitable flaw in Java that can be used to bypass the browser's Same Origin Policy (SOP).
Qualys has a QID (90741) to detect this vulnerability, which appears to check whether or not the Windows Web Server supports the vulnerable SSL 3.0/TLS 1.0 versions (not sure if it does anything else).
Is this motivating anyone to accelerate plans to move to the newer versions of TLS and/or take additional precautions?
Any other thoughts on this Zero Day and/or Exploit?
Additional links to related information are below: