Skip to main content
  1. Home
  2. Computing
  3. News

SSL Web Security Protocol Compromised by Researchers

Geoff Duncan
By
Ethernet connector
Image used with permission by copyright holder

Two researchers with PhoneFactor, a company that offers two-factor authentication services, say that thay have uncovered a serious vulnerability in SSL (Secure Sockets Layer), a fundamental online security technology that’s widely used to safeguard ecommerce transactions and other sensitive data. The flaw, in theory, can enable attackers to insert themselves into a secured online transaction as a “man in the middle,” able to view all data moving back and forth between two parties—and alter the data stream and issue commands—on what the users believe is a secured connections.

The researchers, Marsh Ray and Steve Dispensa, found the error in August 2009 and reported it to a group of impacted vendors and standards committees without publicly disclosing the problem. PhoneFactor had planned to hold off on disclosing the vulnerability until early 2010 in order to give vendors time to patch their SSL software and deploy fixed versions to their customers, but another research discovered the bug independently and posted it to an IETF mailing list on November 4.

Recommended Videos

“Because this is a protocol vulnerability, and not merely an implementation flaw, the impacts are far-reaching,” said PhoneFactor CTO Steve Dispensa, in a statement. “All SSL libraries will need to be patched, and most client and server applications will, at a minimum, need to include new copies of SSL libraries in their products. Most users will eventually need to update any software that uses SSL.”

Related

SSL is widely used to secure transmissions for a variety of applications, from ecommerce and online banking, Web-based management of almost any sort of customer account, as well as non-Web applications like database servers, email, and enterprise systems.

The new vulnerability is not the first to hit SSL in recent months: at the Black Hat security conference in Las Vegas security researchers Mike Zusman and Alex Sotirov demonstrated a browser design flaw that enabled man-in-the-middle attacks on SSL connections. Other recent attacks on SSL have focused on clandestinely shifting traffic from SSL_protected https:// connections to unsecured http:// links.

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
How to convert WMA to MP3 on Mac, Windows, and Web
The JBL Tune 760NC wireless headphones on someone's head.

Remember when Windows Media Player ruled the earth? Before the world was inundated with versatile playback tools like VLC and countless other platforms, most users flocked to the built-in OS media players provided by Windows and Apple (the latter being the minds behind QuickTime). In fact, you’ve probably come across a handful of WMA files in your life of using computers.

Read more
The 6 best laptops for realtors in 2024
Asus Zenbook 14 OLED front view showing display and keyboard.

If you're a realtor, trying to find a good laptop can be just as challenging as finding the perfect home for your clients. Not only do you need something that looks professional and can withstand the daily demands of the modern work environment, but it also needs to be portable and durable. After all, there's a good chance you'll be lugging it around with you to your showings, so a clunky laptop simply won't cut it.

That means you'll need a laptop that's portable, reliable, responsive, and boasts a professional design that'll impress your clients. That's quite the checklist – but thankfully, there are plenty of great laptops for realtors that fit all these criteria.

Read more
The most common Skype problems and how to fix them
best mac apps for small business skype

Skype is an excellent option for video chats with your friends and family or conducting a videoconference call with your colleagues.  However, Skype is not without its bugs, hiccups, and issues that can make getting face-to-face with someone seem like an ordeal. To make things easier on everyone, we've compiled a selection of the most common Skype problems and how to fix them.
Video not working
If you can't get your camera to work or experience issues seeing other's connections, you might as well be using an actual telephone instead of Skype. Thankfully, these issues can usually be resolved with a bit of tinkering on your end, or they may just be service disruptions on Skype's end.

One of the more common problems that crop up is visual issues due to Skype not having access to your PC or phone's camera. For desktop users, open the Skype application and select the Three horizontal dots near the notification bell icon to access the Skype menu. Select Settings > Audio and video. If your picture fails to appear in the Skype camera preview window, you'll know there's a connection issue.

Read more