An anonymous reader writes: People still don't understand SSL. This isn't much of a surprise... no one expects that grandma and grandpa know how to what SSL is and what it does. What is surprising and downright scary is that most IT professionals don't understand SSL, and many consider it to be the be-all, end-all of security in their organization. With all the tools out their to manipulate SSL connections and the browser vendors unable to settle on a single method of showing if a site is secured by SSL or not, is it any wonder that no one gets it? Security researchers Tyler Reguly, Mike Zusman, Jay Graver and Robert 'RSnake' Hansen recently discussed some of these issues at SecTOR security conference in Toronto.