RealNews

SSL Flaw Discovered and Fixed

“Side-channel attacks are causing a fundamental rethink in the way we write encryption software,” said Bert Kaliski, head of RSA Labs. Researchers have discovered a new security flaw in Secure Sockets Layer (SSL) protocols, one of the most widely used encryption standards. Researchers at the Security and Cryptography Laboratory at the Swiss Federal Institute of Technology in Lausanne found that email passwords sent via SSL are vulnerable to a form of “side-channel” attack. Unlike normal attacks on code that involve comparing the unencrypted and encrypted message and attempting to recover the encryption key, side-channel attacks look at other information in an attempt to crack the code, such as the time taken to perform an operation and how power consumption changes. In this particular case, the researchers attempted to decrypt the SSL data and closely monitored the time it took to get an error message sent back. From this they were able to narrow their focus to specific sections of the message and discover the contents. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.