08-01-2013 08:34 PM - edited 08-01-2013 08:43 PM
by Dan Goodin - Aug 1 2013, 11:30am EST
The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of encrypted pages, often in as little as 30 seconds.
The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. The attack can extract specific pieces of data, such as social security numbers, e-mail addresses, certain types of security tokens, and password-reset links. It works against all versions of TLS and SSL regardless of the encryption algorithm or cipher that's used.
Good thing we use Webroot SecureAnywhere with it's Identity Shield.
Webroot® SecureAnywhere™ Internet Security Complete Beta Tester v126.96.36.199 on my main system Alienware 17R2 with Windows 10 Professional x64 Version 1607 (Build 14393.479) & Motorola Moto Z Android 6.0.1 Marshmallow with WSA Mobile Complete v188.8.131.5260 which is full Cloud now as well! I also test new Windows Insider 32bit & 64bit builds on Virtual Machines.
Microsoft® Windows Insider MVP - Windows Security