Personally, I think it’s just spreading FUD; but Information Week is reporting that “Just over a week ago, security researcher Mike Perry presented information at the DEFCON security conference about a vulnerability that affects many SSL-secured Web sites, including Amazon, Facebook, Gmail, addons.mozilla.org, most Drupal sites, and many online merchants and banks. ”
I have no idea why Drupal would be mentioned by name in this manner, especially if it’s a problem with cookies and the SSL protocol.
Are there any Drupal core devs who would like to comment on this security issue? I’d love the write a follow-up blog post with the full story!