Dan Kaminsky, a well-known security researcher and director of penetration testing for the Seattle-based security company IOActive, says that Marlinspike has expertly exploited several problems that have been known about for years.
"It's not like [those problems are] going away," Kaminsky says, "and that matters."
Kaminsky adds that the problem does not lie with Web browsers, website owners, or users. "What we're doing isn't working," he says. "I think we're missing critical pieces of infrastructure that we need to secure the Internet."
One way to add another layer of security to the Internet, Kaminsky argues, would be to introduce DNSSEC, a new secure protocol for linking Web servers to domain names.
He believes that DNSSEC could be configured to instruct browsers to connect to certain sites using only an "https" connection.
Marlinspike is skeptical that such a major overhaul of the Web's existing structure would work. He also says that owners of websites could introduce design changes to help make the difference between a secure connection and an insecure one clearer.
Ultimately, however, he believes that a proper solution will be elusive so long as most traffic is sent over the Internet in an insecure fashion.