THE CREATOR of Secure Socket Layer (SSL) technology has warned that the system remains as insecure as it was last month when hackers managed to break its security.
A number of SSL certificates were stolen by hackers in September, allowing them to pose as nearly any internet company and helping them break into the Gmail accounts of around 300,000 people, according to the BBC.
Dr Taher Elgamal, the creator of the widely used security protocol, said that little has been done to bump up SSL security since the attacks, which means "it could happen again".
He said that the problem was less an issue of technology and more to do with people, particularly in terms of how many SSL certificate authorities are out there. "There's way too many of them," he said. "Nobody asked the question of what to do if a certificate authority turns out to be bad."
The system, which was developed by Elgamal when he was working at Netscape and subsequently adopted by the Internet Engineering Task Force (IETF) as Transport Layer Security (TLS), employs agencies to hand out unique digital certificates, which identify that a web site really belongs to a certain company or organisation.
This has proven to be one of the strongest methods of defence against hackers until last month when certificates were stolen from Dutch security firm Diginotar.
Despite the flaws, Elgamal does not think that a new system is needed, but that updates to SSL should repair the security holes created recently. He said that adding TLS updates in modern web browsers could help defend against another attack. µ
Is restoring from backup really the better than prevention?
Allowed anyone to pinpoint locations visited by customers of SVR Tracking
Hackers gained access to systems using unsecured administrator's account
But Canonical's Mark Shuttleworth doesn't agree