Researchers at the Royal Holloway University described the widespread seriousness of a major security flaw used in online banking, credit card data, Facebook accounts, and a majority of workplace computer systems in a Feb. 3, 2013 report.
The Transport Layer Security (TLS) protocol, even TLS 1.2, was found to be sensitive to attack from cybercriminals because of the way the protocol terminates TLS sessions.
Each time a session is terminated a small amount of data was found to be left available to a potential attacker. With enough time and enough sessions a data thief can build up a complete picture of the data being sent and eventually steal the entire data set or part of the data set from a bank, credit card company, or even Facebook.
Professor Kenny Paterson from the Information Security Group at Royal Holloway and Ph.D. student Nadhem Al Fardan are presently working with Google, Oracle and OpenSSL, banks, credit card companies, and other organizations to implement a set of protocols that eliminate the flaws in the present TLS systems.
One can attempt to prevent identity theft by changing passwords frequently, signing out of Facebook, Twitter, or banking sites when not actually using them, turning off automatic site loading programs, and checking your computer regularly with an antivirus program that detects tampering with the TLS protocol.
All these efforts will not help you as an individual user.
Your bank, ISP, credit card company, and Facebook must make the fix.
Comments