The Inquirer-Home

SSL creator warns of further attacks

Stolen certificates create security nightmares
Tue Oct 18 2011, 13:06

THE CREATOR of Secure Socket Layer (SSL) technology has warned that the system remains as insecure as it was last month when hackers managed to break its security.

A number of SSL certificates were stolen by hackers in September, allowing them to pose as nearly any internet company and helping them break into the Gmail accounts of around 300,000 people, according to the BBC.

Dr Taher Elgamal, the creator of the widely used security protocol, said that little has been done to bump up SSL security since the attacks, which means "it could happen again".

He said that the problem was less an issue of technology and more to do with people, particularly in terms of how many SSL certificate authorities are out there. "There's way too many of them," he said. "Nobody asked the question of what to do if a certificate authority turns out to be bad."

The system, which was developed by Elgamal when he was working at Netscape and subsequently adopted by the Internet Engineering Task Force (IETF) as Transport Layer Security (TLS), employs agencies to hand out unique digital certificates, which identify that a web site really belongs to a certain company or organisation.

This has proven to be one of the strongest methods of defence against hackers until last month when certificates were stolen from Dutch security firm Diginotar.

Despite the flaws, Elgamal does not think that a new system is needed, but that updates to SSL should repair the security holes created recently. He said that adding TLS updates in modern web browsers could help defend against another attack. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Apple announces the iPhone 6, iPhone 6 Plus and Apple Watch

Which of Apple's new products will you be buying?