E-commerce security flaw found

2012-02-16 14:00
San Francisco - Researchers on Wednesday revealed a flaw in the way data is scrambled to protect the privacy of online banking, shopping and other kinds of sensitive exchanges.

A program used to generate random number sequences for encrypting digital information worked properly 99.8% of the time, meaning that two out of every 1 000 "keys" wouldn't thwart crooks or spies, the report warned.

"We found that the vast majority of public keys work as intended," said a report based on work by a team of US and European researchers led by Arjen Lenstra of Ecole Polytechnique Federale de Lausanne (EPFL).

"A more disconcerting finding is that two out of every 1 000 RSA moduli that we collected offer no security."

Online rights champion Electronic Frontier Foundation (EFF) supplied key data for the research, and said that Lenstra's team found tens of thousands of keys that essentially failed to guard data in supposedly encrypted online sessions.

"The consequences of these vulnerabilities are extremely serious," the EFF's Dan Auerbach and Peter Eckersley said in a blog post.

"In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server."

Hackers could also pose as trusted websites, such as an online bank, in what are referred to as man-in-the-middle attacks, according to the EFF.

The non-profit EFF said it is working "around the clock" with EPFL to warn operators of computer servers using encryption keys offering no protection.

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
Read more on:    e-commerce  |  cybercrime

linking and moving

2015-04-22 07:36

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24


Rugby World Cup 2015

All the action from the 2015 RWC, including live coverage of all 48 matches, breaking news, fixtures, results, logs - and much more!


Rugby World Cup 2015

6 reasons Boks won’t botch it
Fiji far too strong for Uruguay
Burger hopes for elusive World Cup win
As it happened: Fiji 47-15 Uruguay
Traffic Alerts

Relationships and significant connections may play an important role in your day today. Let the warmth of the Leo moon inspire you...read more

There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.