Weak server certificates compromise online security

2008/07/01

An error in technology used to generate server certificates could have left millions of people vulnerable to internet criminals.
During a period of around one and a half years, weak cryptographic keys were generated due to an error in the version of OpenSSL used by the Debian Linux distribution.
Criminals could theoretically use these weak keys to decode encrypted traffic and mimic websites such as those of banks or e-retailers to steal personal information from users.
A heise Security survey of thousands of valid certificates discovered that one in 30 used weak keys, including a worrying number that involved credit card details.
A recognised certificate authority must issue the certificate for it to be accepted by a browser, but some certificate owners have not yet replaced the potentially weak ones.
heise Security recommends that all browsers now use the Online Certificate Status Protocol (OCSP) to check which certificates have been barred.
Alternatively, a Test SSL tool has been made available from heise-online.co.uk to see if individual certificates use weak keys.