Web Security Standard Compromised by Security Researchers Using Sony PlayStations

The following post was submitted by one our loyal readers, Theo Karantsalis.

MIAMI -- The familiar closed padlock icon that indicates a Web site is secure has been picked.

A Web security standard compromised by security researchers exposed a weak link in the system that could give hackers access to PCs.

At risk: all E-commerce and online banking transactions.

Researchers said that they used 200 PlayStation 3 video game consoles to defeat Secure Sockets Layer, or SSL, a security mechanism designed to prevent eavesdropping and guarantee Internet users that their connections are encrypted and safe.

"This break is major," said Karsten Nohl, a cryptography expert and a researcher at the University of Virginia,” via e-mail from his home in Germany. "It definitely is the most wide-scale attack, because anything short of patching all browsers in the world to not accept the certificates, there's nothing you can do to prevent it."

The team of security experts from the United States, Switzerland, and the Netherlands said at the 25th annual Chaos Communication Congress in Berlin, Germany on Dec. 30 that it took three days of computing time to defeat SSL security measures.

SSL is employed whenever a user points to an address that begins with "https://".

"Centrally-controlled top-down public-key infrastructures have always had problems,” said Philip R. Zimmermann, via e-mail from his home in California.  Zimmermann is a cryptography expert and creator of Pretty Good Privacy, or PGP, an encryption program protects information. "That's why I designed PGP to not depend on them, and that's why PGP has done so well."

Secure Florida, the agency responsible to protect the citizens and economy of Florida by safeguarding its information systems, has not issued any alerts on their Web site and could not be reached for comment Wednesday morning.

Content Type: 

Subject Area: