Flaw found in securing online transactions | Inquirer Technology

Flaw found in securing online transactions

/ 11:54 AM February 16, 2012

SAN FRANCISCO — Researchers on Wednesday revealed a flaw in the way data is scrambled to protect the privacy of online banking, shopping and other kinds of sensitive exchanges.

A program used to generate random number sequences for encrypting digital information worked properly 99.8 percent of the time, meaning that two out of every thousand “keys” wouldn’t thwart crooks or spies, the report warned.

“We found that the vast majority of public keys work as intended,” said a report based on work by a team of US and European researchers led by Arjen Lenstra of Ecole Polytechnique Federale de Lausanne (EPFL).

Article continues after this advertisement

“A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security.”

FEATURED STORIES

Online rights champion Electronic Frontier Foundation (EFF) supplied key data for the research, and said that Lenstra’s team found tens of thousands of keys that essentially failed to guard data in supposedly encrypted online sessions.

“The consequences of these vulnerabilities are extremely serious,” the EFF’s Dan Auerbach and Peter Eckersley said in a blog post.

Article continues after this advertisement

“In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server.”

Article continues after this advertisement

Hackers could also pose as trusted websites, such as an online bank, in what are referred to as man-in-the-middle attacks, according to the EFF.

The non-profit EFF said it is working “around the clock” with EPFL to warn operators of computer servers using encryption keys offering no protection.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TOPICS: Crime, Information and Technology, Internet, Research, Software
TAGS: Crime, Information and Technology, Internet, Research, Software

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.