Hacker releases a tool that can steal info from SSL protected sites

On Wednesday, at the Black Hat security conference here, an independent hacker and security researcher who goes by the name Moxie Marlinspike announced that he would release a software tool for performing "man-in-the-middle" attacks on seemingly secure Web sites, including banking sites, Web e-mail or e-commerce sites.

This free program, which Marlinspike calls "SSLstrip" and will host on his Web site, will allow hackers to remove the encryption or Secure Sockets Layer (SSL) protection intended to make sites safe. A cybercriminal would then have access to any passwords or other sensitive information traveling unprotected over the network.