Brics and straws

Brics and straws

Brics Bank has its own limitations, and let us hope it will...
Much ado about execution

Much ado about execution

Effective delivery must be brought to the centre of policy-making...

Security protocol for net banking, Facebook has serious weaknesses: experts

Feb 04 2013, 16:42 IST
Comments 0
TLS protocol that provides security for online banking, credit card data and Facebook has 'major weaknesses' which may lead to interception of sensitive personal data. TLS protocol that provides security for online banking, credit card data and Facebook has 'major weaknesses' which may lead to interception of sensitive personal data.
SummaryTLS protocol provides security for online banking as well as for credit card data when shopping on Internet.

The protocol that provides security for online banking, credit card data and social networking site Facebook has "major weaknesses" which may lead to interception of sensitive personal data, UK scientists warn.

The Transport Layer Security (TLS) protocol is used by millions of people on a daily basis. It provides security for online banking, as well as for credit card data when shopping on the Internet.

In addition, many email systems in the workplace use it, as well as a number of big companies including Facebook and Google.

Professor Kenny Paterson from the Information Security Group at Royal Holloway University and researcher Nadhem AlFardan found that a so-called 'Man-in-the Middle' attack can be launched against TLS and sensitive personal data can be intercepted in this way.

They have identified a flaw in the way in which the protocol terminates TLS sessions. This leaks a small amount of information to the attacker, who can use it to gradually build up a complete picture of the data being sent.

"While these attacks do not pose a significant threat to ordinary users in its current form, attacks only get better with time. Given TLS's extremely widespread use, it is crucial to tackle this issue now," Paterson said in a statement.

"Luckily we have discovered a number of countermeasures that can be used. We have been working with a number of companies and organisations, including Google, Oracle and OpenSSL, to test their systems against attack and put the appropriate defences in place," Paterson added.

Ads by Google
Reader´s Comments
| Post a Comment
Please Wait while comments are loading...