Beware!: Net security software exposed

Thursday, 20 February, 2003
The most commonly used security system to protect passwords over the internet has been cracked by researchers at one of Switzerland's top technology universities.
A team at the Federal Institute for Technology in Lausanne said they had been able to decipher a password in less than an hour.
"It is the first time we have noticed a security problem in the SSL protocol
itself and not in how we use it or how we implement it," Professor Serge
Vaudenay, director of the institute's security and cryptography lab, told the
BBC.
But the researchers say the loophole does not apply to credit card
transactions, as banks and e-commerce sites use a different type of SSL (Secure
Sockets Layer) technology.
Webmail exposed
Up until now, SSL technology had been thought to be completely secure.
Websites protected by SSL
systems are marked by an internet address which begins with "https://." On most
browsers, a small lock and key icon will appear at the bottom of the browser to
show it is a secure connection.
It is widely used across the web by webmail and e-commerce sites to protect
customer information and transactions.
SSL works by encrypting a password or credit card number, using a secret code
to scramble the information so that if anyone intercepts it, they will not be
able to read it.
Various types of algorithms are used in SSL technology to encrypt
information.
The type of SSL protocol hacked by the scientists was one used for webmail,
rather than for banking or credit card payments.
"We intercepted a connection, replaced it with a fake one and looked at the
behaviour of the server," Prof Vaudenay told the BBC.
He explained that the team were able to gain a small amount of information as
the computer and the server talked to each other.
"We got a small bit of information about the password each time and after 160
attempts we were able to reconstruct it."
Encrypted data
But Prof Vaudenay said the loophole did not present a serious security
problem as it relied on the password being frequently sent to a server.
"The e-mail application regularly sends authentication to the server, like log in
name and password of the user, without bothering the user," he explained.
Source and more: BBC News