Thursday 10 July 2014

SSL is broken

There's a magic padlock icon that appears in your browser indicating that you're secure - and that nobody in the middle can read the traffic - and it's probably broken.

Certificate Authorities

The problem is not that the encryption scheme is broken - the public/private key structure is fine and has been demonstrated to be secure.  It's that there are far too many certificate authorities, and a single mistake or deliberate interference by an outside party (for example, a government) can allow a man in the middle to decrypt all traffic and read what's being sent to and fro.

There are a lot of certificate authorities - most are telecoms companies or related to a national government in some way, and all of them can issue certificates for any website.  In addition, it's possible for a certificate authority to issue a wildcard intermediate certificate to an organisation, which can then do exactly the same.

The way an SSL certificate is validated is that when your browser contacts a secure site, the site returns its certificate and a chain up to a root certificate.  As soon as the browser finds a root certificate that it already knows about, it assumes it's all fine and the connection is secure.
The problem is that if any one of these certificates is compromised, or abused in some way by the company owning it, a man in the middle can read all of the traffic passing through.  This is not a hypothetical situation - it has happened already - with TurkTrust, with Nokia, and with DigiNotar.  What's worrying is that there are lots of certificate authorities and it only takes one of them to be incompetent to render traffic insecure.

There are also other instances of https traffic being decrypted with varying levels of validity - company firewalls occasionally do it using their own CA (which requires modification of each client computer), and anti-virus software with parental controls can also do this.  Needless to say, I believe these should simply not be allowed.  By installing parental controls (on some anti-virus systems) you are effectively giving your anti-virus company permission to view your bank details, and I don't think most people would be happy with that.

Just as concerning are government security agencies.  Whilst the examples above are the result of incompetence, a security agency could go to a certificate authority directly and request a wildcard certificate - which would probably be granted.  This means that the security agency could happily decrypt all traffic, and nobody would be able to detect that it was doing so.

When a root CA is found to be compromised in some way, revoking it is a deeply painful process that can take months whilst each browser's list of root certificates is replaced.  Even worse are embedded systems, which may never have their CA list refreshed.

Whilst most companies' applications won't change, I would recommend that all banking and financial transaction apps use some form of man-in-the-middle prevention - namely, EKE encryption to detect that this is taking place and prevent data being transferred.  Whilst some banks do this already, NatWest does not, and it really should!
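The chain check described above, and the extra client-side check recommended for banking apps, as an added example written for this page (not from the original post) using Go's standard library: two throwaway roots, "Honest CA" and "Rogue CA", both sitting in the trust store, can each produce a certificate for bank.example that passes the stock chain validation, while a pin on the genuine certificate's public key tells them apart.  The pinning shown is a different technique from the EKE the post recommends, chosen because it demonstrates the weakness directly; the CA names, the host and the one-day validity window are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"math/big"
	"time"
)

// sign gives tmpl a fresh P-256 key and a day's validity, then has parent/signer sign it
// (nil parent means self-signed). Every key here is a throwaway generated on the fly.
func sign(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// NewRoot makes a self-signed CA; every root in the browser's store is equally powerful.
func NewRoot(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true}, nil, nil)
}
// Issue has a CA sign a server certificate for host; nothing stops a CA issuing for any host.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) *x509.Certificate {
	leaf, _ := sign(&x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{host},
		Subject: pkix.Name{CommonName: host}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	return leaf // the server's private key is not needed for the checks below
}
// ChainsToRoot is the browser's check: does leaf chain to any root in the store for host?
func ChainsToRoot(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
// SPKIPin is the extra check an app can add: base64(SHA-256(SubjectPublicKeyInfo)) of the
// leaf. A certificate mis-issued by another CA carries a different key, so its pin differs.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}
```

The stock check accepts the rogue certificate as long as its issuer is in the store, and a hostname mismatch is the only thing it would reject; only the pin comparison notices that the key behind bank.example has changed.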

Quantum Computing

A little further ahead, we have quantum computing, especially with the new we-think-it's-quantum-but-we're-not-really-sure D-Wave systems.  Using Shor's algorithm and a sufficiently powerful quantum computer, all root certificates could be compromised (again, probably by national security agencies), and again it would be extremely difficult to detect that a man-in-the-middle attack was being perpetrated.  There is something the certificate authorities could do now to combat this: use an algorithm that can't be broken with Shor's algorithm - i.e. one not based on prime factorisation or the discrete logarithm problem.  Other schemes exist, but they don't seem to have any take-up by certificate authorities right now.
