A good overview of the SSL bug in iOS by AGL
This signature verification is checking the signature in a ServerKeyExchange message. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. The server is saying “here's the ephemeral key and here's a signature, from my certificate, so you know that it's from me”. Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. It's possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There's no proof that the server possesses the private key matching the public key in its certificate.
Test yourself using https://gotofail.com/
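To show the failure mode AGL describes, here is an added C example; it is not Apple's code and not part of the post above. It is a toy ServerKeyExchange verifier written in the same error-chaining style as the affected code, once with a duplicated unconditional `goto fail;` and once without. The transcript hash, the "signature" and the handshake bytes are constructed stand-ins (FNV-1a instead of SHA, equality with the hash instead of an RSA/ECDSA verify against the certificate's public key, and the `ERR_*` codes are this example's own), so the point is the control flow: after the stray jump, the signature check never runs and `err` still holds the previous call's success.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Result codes for this toy; they are not Apple's errSSL* values. */
#define ERR_OK            0
#define ERR_BAD_SIGNATURE 1

/* Constructed sample handshake data (not captured from a real connection). */
static const uint8_t kClientRandom[32] = { 0x11, 0x22, 0x33 };
static const uint8_t kServerRandom[32] = { 0x44, 0x55, 0x66 };
static const uint8_t kServerParams[]   = { 0x03, 0x00, 0x17, 0x41, 0x04, 0xaa, 0xbb }; /* fake ECDHE params */

/* Toy transcript hash (FNV-1a 32-bit) standing in for SHA-1/SHA-256. */
typedef struct { uint32_t h; } toy_hash_t;

static int hash_init(toy_hash_t *ctx) { ctx->h = 2166136261u; return ERR_OK; }

static int hash_update(toy_hash_t *ctx, const uint8_t *d, size_t n)
{
    for (size_t i = 0; i < n; i++) { ctx->h ^= d[i]; ctx->h *= 16777619u; }
    return ERR_OK;
}

/* Toy signature check: stands in for verifying an RSA/ECDSA signature with the
 * public key from the server's certificate. Here a "signature" is valid exactly
 * when it equals the transcript hash. */
static int verify_signature(const toy_hash_t *ctx, uint32_t signature)
{
    return ctx->h == signature ? ERR_OK : ERR_BAD_SIGNATURE;
}

/* What an honest server produces over client_random || server_random || params
 * (in real TLS, with the private key matching its certificate). */
uint32_t toy_sign(const uint8_t *cr, const uint8_t *sr, const uint8_t *params, size_t n)
{
    toy_hash_t ctx;
    hash_init(&ctx);
    hash_update(&ctx, cr, 32);
    hash_update(&ctx, sr, 32);
    hash_update(&ctx, params, n);
    return ctx.h;
}

/* Client-side check with the duplicated, unconditional goto. Everything after
 * it, including the signature verification itself, is skipped. */
int verify_server_key_exchange_buggy(const uint8_t *cr, const uint8_t *sr,
                                     const uint8_t *params, size_t n, uint32_t sig)
{
    toy_hash_t ctx;
    int err;
    if ((err = hash_init(&ctx)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, cr, 32)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, sr, 32)) != 0)
        goto fail;
        goto fail;                               /* the extra line: always taken */
    if ((err = hash_update(&ctx, params, n)) != 0)
        goto fail;
    if ((err = verify_signature(&ctx, sig)) != 0)
        goto fail;
fail:
    return err;                                  /* still ERR_OK from hash_update */
}

/* The same routine without the stray jump: a wrong signature is rejected. */
int verify_server_key_exchange_fixed(const uint8_t *cr, const uint8_t *sr,
                                     const uint8_t *params, size_t n, uint32_t sig)
{
    toy_hash_t ctx;
    int err;
    if ((err = hash_init(&ctx)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, cr, 32)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, sr, 32)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, params, n)) != 0)
        goto fail;
    if ((err = verify_signature(&ctx, sig)) != 0)
        goto fail;
fail:
    return err;
}

int main(void)
{
    size_t n = sizeof kServerParams;
    uint32_t good = toy_sign(kClientRandom, kServerRandom, kServerParams, n);
    uint32_t bad  = good + 1;   /* a signature that does not match the transcript */
    printf("buggy verifier, wrong signature: %d (0 = accepted)\n",
           verify_server_key_exchange_buggy(kClientRandom, kServerRandom, kServerParams, n, bad));
    printf("fixed verifier, wrong signature: %d\n",
           verify_server_key_exchange_fixed(kClientRandom, kServerRandom, kServerParams, n, bad));
    printf("fixed verifier, correct signature: %d\n",
           verify_server_key_exchange_fixed(kClientRandom, kServerRandom, kServerParams, n, good));
    return 0;
}
```

The buggy verifier accepts the mismatched signature because it returns the last value written to `err`, not the result of a check that never executed. This is also why the bug hid so well: the function still has a single exit and still "returns an error code", and only a test that feeds a deliberately wrong signature (which is what gotofail.com does against a browser) exposes it.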
The author says:
Unfortunately, the privacy modes offered by browsers are still evolving (several are only available as betas), and none remove all the tracking data users might expect them to block. A tool was created to set and report on different data stores. This paper presents the findings from running this tool using several major browsers with two plug-ins across three common operating systems. We find current browsers are unable to extend tracking protection to third party plug-ins such as Google Gears and Adobe Flash. Some of these require no user prompting under common configurations and even expose tracking data saved with one browser to sites visited by a different browser.
The Internet was never designed to provide privacy. Every IP is traceable. Tor is good but painfully slow, and an organisation with resources can track back and find a person's IP. Personally, I think private browsing in browsers is only for those who are trying to hide their behaviour from a family member rather than from any external entity.
An implication of this “private browsing” mode is that it makes parental supervision of a child’s browsing behaviour difficult. An option would be for browsers to implement parental controls so that private browsing can be switched off if required.
Over the past couple of days there has been a lot of news about a group of researchers breaking SSL (to point out a few, visit here, here and here). I mostly agree with Bruce and Ben, MD5 has been broken for many years (WEP comes to mind). The attack itself is interesting, but I think the solution involves decisions to be made at a management level.