With software and hardware playing increasingly significant roles in our day-to-day life, how much can and should we trust them to be correct?
A padlocked icon in a web-browser or a URL starting with https provides communication security over the Internet. The icon or URL indicates OpenSSL, a cryptography toolkit implementing the SSL protocol, or a similar system is being used. New research by a collaborative team has developed an attack that can circumvent the security OpenSSL should provide. The attack worked on a very specific version of the OpenSSL software, 0.9.8g, and only when a specific set of options were used. Dan Page , Senior Lecturer in Computer Science in the Department of Computer Science at the University of Bristol, and one of the collaborative team, will present a paper at the RSA Conference in San Francisco today [Wednesday 29 February] about the EPSRC -funded research. The attack worked by targeting a bug in the software. Carefully constructed messages were sent to the web-server, each of which triggered the bug and allowed part of a cryptographic key to be recovered.
TO READ THIS ARTICLE, CREATE YOUR ACCOUNT
And extend your reading, free of charge and with no commitment.
