November 16, 2009 • 12:49 am
Filed under: Authentication, Encryption, Hacking, InSecurity, SSL, Security, Technology, e-commerce, networks
January 3, 2009 • 2:33 am
X.509 certificates signed by Certificate Authorities (CAs) that use the MD5 hash function are certainly going to disappear from the Internet, as flaws in MD5 were successfully exploited to generate a rogue certificate that all browsers would consider valid.
The proof of concept was recently published by A. Sotirov et al., although the basis for the hack has been known for a few years now. The researchers exploited collisions (two different strings that hash to the same value) in MD5 and the fact that CAs use sequential numbering of certificates upon issuance.
Reports that SSL is broken are exaggerated, as many CAs are already using SHA-1 (a stronger hash function) and the ones that were using MD5 are switching quickly after publication of the flaw.
Filed under: Authentication, Cryptography, Hash Functions, InSecurity, SSL, e-commerce
I suggest that readers visit the Financial Cryptography blog (click on the link in the right column, under Security). In particular, those interested in the economics behind the security market will appreciate the material being posted there by Ian Grigg.
Filed under: Authentication, Encryption, e-commerce, e-currency
February 23, 2007 • 3:53 am
Top Tech News reports on e-commerce trends in this article:
A Yougov survey, of 2,500 UK adults, carried out for the security company has revealed that despite three-quarters of the population shopping and banking online, many are looking for additional reassurances from online retailers before spending more.
It found 66 percent of consumers believe that making transactions online puts them at increased risk of online fraud, and 30 percent agree that Internet security threats prevent them from making more online transactions.
Seven in 10 people said they would feel more comfortable carrying out online transactions if they were given assurance that online retailers were taking steps to secure their data.
However, only around three in 10 said they bothered to check the credentials of a company before making a transaction.
Three in 10 believed it is the responsibility of the business they are dealing with to secure their data, while only nine percent lay the responsibility with their bank.
Consumers also expect any compensation to come from these online retailers (40 percent), rather than from their bank or credit card company (18 percent).
A few years ago, by insuring most transactions, credit card companies took the responsibility from the hands of customers and retailers and diminished the incentives for better transactional security and authentication.
Filed under: Security, e-commerce, in the News