Greetings from Black Hat
The earlier of the two presentations came from Ivan Ristic of SSL Labs. Ivan presented the results of his large scale crawl of domains, searching for SSL Certificates and in particular checking the implementation of these certificates. The good news is that the vast bulk of installed certificates appear to be well configured in Ivan's view, but he did find significant numbers of certificates containing one or more of what he considers to be implementation errors. It was good work and helpful, even if it is incomplete and some of the conclusions are open to debate. At the very least, Ivan's research highlights the importance of proper implementation of SSL Certificates. I hope that Ivan continues developing his research and reports on a regular basis.
The other presentation that focused heavily on SSL was called HTTPS Can Byte Me, by Robert Hansen and Josh Sokol. Some journalists have portrayed this presentation as a scathing indictment of the SSL protocol. I was in the presentation, and I don't agree. Even Robert and Josh were clear that most of the flaws they discovered were very minor and hard to use in practical attacks. And the good news is that even the major ones are likely to be quite addressable by those who manufacture client and server software, particularly browser manufacturers. Again, good work on the part of Robert and Josh, who have helped identify potential vulnerabilities that software manufacturers can plug before they develop into full-fledged attacks.