A man-in-the-middle attack against the Transport Layer Security (TLS) protocol can be used to intercept sensitive personal data. A flaw in the way the protocol terminates TLS sessions leaks a small amount of information, which the attacker can use to gradually build a complete picture of data being sent, according to researchers at Royal Holloway, University of London.
TLS provides security for online banking, credit card data, emails, and for many large companies, and millions of people use TLS daily.
"While these attacks do not pose a significant threat to ordinary users in its current form, attacks only get better with time," says professor Kenny Paterson.
The researchers also say they have discovered several countermeasures. "We have been working with a number of companies and organizations, including Google, Oracle, and OpenSSL, to test their systems against attack and put the appropriate defenses in place," Paterson notes.
From Royal Holloway, University of London
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found