Industry News Home More stories like this... RSS Feed

Hacker reveals SSL encryption bypass

The online security on secure websites such as those involved in internet banking has been thrown into question by an internet researcher who claims that the sites can be compromised.

Moxie Marlinspike has tabled at the Black Hat conference in the US methods he says can bypass SSL encryption used by websites displaying the padlock mark, which denotes that the internet security of the said websites is foolproof.

The independent hacker revealed in a presentation at the Washington conference that there were several ways in which the encryption's
"chain of trust" could be compromised.

In a revelation that is likely to cause an internet security nightmare for many banking institutions and their security experts, the hacker also revealed the existence of a free software tool called "SSL Strip".

This software can be used against a network as well as a man in the middle attack targetting SSL connections.

Websense Security Labs recently stated that 77 per cent of infected websites are legitimate sites that have been compromised.

Powerful protection against malicious virus infections. Visit www.pctools.com to upgrade your protection