BEAST Claims to Breach Banking, Payment Sites
Two computer security researchers have found a way to take the "S" out of "HTTPS", or secure Web browsing, exposing banking and payment websites to hacking.
Argentinian Juliano Rizzo and Vietnamese Thai Duong revealed that their BEAST, or Browser Exploit Against SSL/TLS, works by stealing and decrypting an authentication cookie used to access HTTPS sites, leaving private data open to eavesdropping. The two will demonstrate the BEAST at the Ekoparty computer security conference in Buenos Aires on Friday.
The BEAST exploits the lower-version Transport Layer Security (TLS) 1.0 protocol and Secure Sockets Layer (SSL) 3.0, which most browsers and servers use for encryption.
The BEAST can be injected into a target's browser through Web ads and other page elements written in JavaScript to decrypt the encrypted requests and cookies. The session is then no longer secure, and information can be hijacked.
Duong said the BEAST can intercept PayPal sessions or other services using TLS 1.0. PayPal issued a statement reassuring customers of the site's security.
"We can reassure our customers that PayPal's top priority is the security of their accounts and their personal and financial information. We have dedicated teams of information security experts who continually review and strengthen our security systems. We'll further review this once we have details of the research later in the week," PayPal said, according to Arstechnica.com.
Mozilla said it is developing a fix to protect the Firefox browser from such an attack. Microsoft downplayed the threat, saying that its browsers support TLS and its higher versions through the operating system. Another browser maker, Opera, said its browser is not vulnerable to the BEAST.