Some more recent news can be found here: First solutions for SSL/TLS vulnerability - The H Security: News and Features

TLS 1.0 has been considered antiquated for some time now. I think that I read about it being cracked quite some time ago, but the part about it being used in cookies throws me. I'm guessing that it would be the same as code used elsewhere, but I didn't consider the fact that cookies would be using TLS 1.0, instead of something more advanced. The article blames browsers, but I know that Opera can use any of the TLS codes, depending on what is being used by the websites. That makes me wonder if the problem is really with the browsers or not? If PayPal is using old code, they better change it quickly, because I use PayPal alot, but that may change if they can't write their cookies better.

seekermeister said:

TLS 1.0 has been considered antiquated for some time now. I think that I read about it being cracked quite some time ago, but the part about it being used in cookies throws me. I'm guessing that it would be the same as code used elsewhere, but I didn't consider the fact that cookies would be using TLS 1.0, instead of something more advanced. The article blames browsers, but I know that Opera can use any of the TLS codes, depending on what is being used by the websites. That makes me wonder if the problem is really with the browsers or not? If PayPal is using old code, they better change it quickly, because I use PayPal alot, but that may change if they can't write their cookies better.

i agree. i use opera and paypal as well

I'm somewhat confused on this, because I just checked Opera's Security Protocols, and found that TLS 1.1 and 1.2 were not enabled by default. I went ahead and enabled them, but that didn't change anything in the Details window. I'm considering disabling TLS 1.0 altogether, but since it was the default setting, I'm not sure that things would work properly without it. How would one know precisely which protocol was actually being used at any given time?

The part that seems odd, is that I could almost swear that in older versions of Opera, that the defaults were reversed, with 1.1 & 1.2 being enabled, and 1.0 not. Maybe my memory is worse than I thought.

This quote from TD7BS's link seems to confirm that simply changing the browser's defaults wouldn't help much, and possibly hurt:

According to analysis by security specialist Thierry Zoller, Chrome and Firefox use the Network Security Services (NSS), which only support TLS 1.0. Windows Vista, XP, 2000 and Server 2003 as well as Server 2008 are also incapable of using TLS 1.1 by default. Only Windows 7 and Server 2008 R2 can use TLS 1.1. Opera 10, on the other hand, even works with TLS 1.2 servers. However, it is no use changing the browser configuration if the server doesn't support the standard.

Sounds as though Firefox users have the most to be concerned about, since the article also said that Chrome was working on some kind of work around.