Websites have been warned they could be exposed to eavesdroppers, after researchers discovered a new way to disable their encryption protections.
The experts said about a third of all computer servers using the HTTPS protocol – often represented by a padlock in web browsers – were vulnerable to so-called Drown attacks.
They warn that passwords, credit card numbers, emails and sensitive documents could all be stolen as a consequence.
A fix has been issued.
But it will take some time for many website administrators to protect their systems.
The researchers have released a tool that identifies websites that appear to be vulnerable.
They said they had not released the code used to prove their theory because “there are still too many servers vulnerable to the attack”.
As yet, there is no evidence hackers have worked out how to replicate their technique.
An independent expert said he had no doubt the problem was real.
“What is shocking about this is that they have found a way to use a very old fault that we have known about since 1998,” said Prof Alan Woodward, from the University of Surrey.
“And all this was perfectly avoidable.
“It is a result of us having used deliberately weakened encryption, which people broke years ago, and it is now coming back to haunt us.”