Tuesday, October 18, 2011

Web Commerce Still Not Secure

Secure Socket Layer (SSL) technology created by Taher Elgamal in 1995, is used to keep many different types of web transactions safe. Latter on, the Internet Engineering Task Force adopted it as a standard web technology known as Transport Layer Security (TLS).

The TLS system is used by millions of people every day to re-assure that they are connecting to a website actually they think they are. It guarantees the identity of a website via certificates that are issued by trusted authorities.

In September 2011, hackers stole credentials ( known as certificates ) from Dutch security firm DigiNotar. They used these stolen credentials to eavesdrop on the Gmail accounts of about 300,000 people. In March 2011, similar attack was observed on Comodo.

According to Dr Elgamal, during the development of SSL/TLS, no body asked the question what to do when certificate issuers were compromised? He said that it can be updated, and if browser makers implement the updated TLS widely, it can be made safe against such attacks in the future.

No comments:

Post a Comment