Polish scientists from Wroclaw University of Technology have found a vulnerability in security technologies used across the Internet that may allow kleptographic attacks resulting in silent theft of information without user's awareness. The attack is only possible if client application has been modified by a malicious person e.g. by infecting computer system by a virus or persuading a user to install a plug-in, download or compile modified code. Such application would not send any additional information and would act according to protocol specification but the data sent over secure channel would easily be disclosed only by sniffing network traffic. Probably all of the SSL/TLS and SSH protocols may be affected including Internet Explorer, Outlook Express, Mozilla Firefox, Mozilla Thunderbird and Opera. The team led by prof. Miroslaw Kurylowski has already informed Internal Security Agency and is going to suggest software vendors to modify protocol's implementation to protect against cryptographic attacks. The change is relatively simple and requires changing only a few lines of code. View: Wroclaw University of TechnologyRead full story...
News source:
Full Story
Linear Mode
