E-commerce security hole, SSL weakness

IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, speaking at the recent Black Hat event, revealed a weakness in SSL, the security protocol that e-commerce and banking websites use to protect private data such as credit card and login information. They showed how it is possible to fool a browser into thinking a rogue domain is in fact the bank or trusted website it thinks it is on. For more on this see http://www.wired.com/threatlevel/2009/07/kaminsky/

Firefox fixed this issue within days, while it took Microsoft two months to fix it, which it did in this week's "Patch Tuesday". The issue affected all Windows-based browsers, including Safari and Google Chrome, because of the way certificates are handled by Windows. Firefox was only protected because they fixed it directly in the browser rather than depending on the OS to handle it.

This makes it important to install the security updates this week or, better still, to use Firefox as a browser, as it updates itself very efficiently.

