From 90% of popular SSL sites vulnerable to exploits, researchers find:
Out of the 200,000 sites examined, only 19,024 were configured to withstand an attack discovered in 2009 that allows attackers to inject data into encrypted traffic passing between two endpoints. The vulnerability resides in the SSL protocol itself and can be exploited by renegotiating the protected session, something that often happens to generate a new cryptographic key. Just a few weeks after the bug was discovered, a Turkish grad student showed how it allowed him to steal Twitter login credentials that passed through encrypted data streams.</blockquote>