Conference Sheds Light On Criminal Hacking

RESEARCHERS have uncovered new ways that criminals can spy on Internet users even if they're using secure connections to banks, online retailers or other sensitive websites.

The attacks demonstrated at the Black Hat conference in Las Vegas show how determined hackers can sniff around the edges of encrypted Internet traffic to pick up clues about what their targets are up to.

It's like tapping a telephone conversation and hearing muffled voices that hint at the tone of the conversation.

The problem lies in the way web browsers handle Secure Sockets Layer, or SSL, encryption technology, according to Robert Hansen and Josh Sokol, who spoke to a packed room of security experts.

Encryption forms a kind of tunnel between a browser and a website's servers. It scrambles data so it's indecipherable to prying eyes.

SSL is widely used on sites trafficking in sensitive information, such as credit card numbers, and its presence is shown as a padlock in the browser's address bar.

SSL is a widely attacked technology, according to Hansen and Sokol, with attacks yielding all sorts of information.

Email Story    Printable View    Blog Story    Copy Headline/URL