Researchers Hack the Internet to Keep Us Safe
by Terrance Gaines
The Black Hat Technical Security Conference was this week and as you would expect, it was jam-packed with internet security geeks, researchers…and hackers alike.
Such is the case of Robert Hansen and Josh Sokol, two researchers who spoke to a large crowd during the conference about their attempt to hack into internet encryption technology (SSL) in order to find out what hackers can learn by putting together pieces of information left by a user’s internet browser during or after their internet session.
Without getting to geeky myself, Hansen and Sokol focused on SSL (Secure Socket Layer) because it is what internet browsers use to encrypt secure information travelling to and from website servers.
The idea behind their research was to find out how many bits and pieces they could first extract from an internet browser’s communication with website servers, then find out if they (or a hacker) could piece that information back together in order to get a better picture of what the secure information looked like. So they picked, poked, and prodded at SSL encryption not to hack it completely, but rather to find out how your average user’s internet browsing practices can leave hackers traces of information that they can build on.
It sounds as if their research provided results, due to the fact that during their presentation, Hansen and Sokol was able to outline several (and I’m talking more than three) weaknesses:
“The vulnerabilities arise out of the fact people can surf the Internet with multiple tabs open in their browsers at the same time, and that unsecured traffic in one tab can affect secure traffic in another tab…”
Don’t panic, the researchers admitted that it would be terribly hard for a hacker to use their method to actually turn internet security as we know it on its ear tomorrow. It just reinforces the fact that we need to be careful when we are browsing the web in order to make sure we are not making it easier (even if just a little) for hackers looking for ways to extract important information.
Another way we could be helping hackers listen into our conversations with the internet is via our home routers. Craig Heffner’s experiment consisted of using internet browsers via fake or malicious sites, to hack into home routers in order to launch attacks that could extract sensitive information, among other things. Heffner mentioned that it helps if the user hasn’t changed their default router username and password; but he says “Once you’re on the router, you’re invisible — you can do all kinds of things.”
That sounds as if the way we use internet tools when we visit sites where we have to enter secure information, could play a hand in the ability of a hacker to get hold of our information and do some serious damage. Just goes to show how vigilant we have to secure our own internet safety. “Nobody is gonna look out for you better than you” is what I always say.
via: Yahoo! News
Category: Experts | Tags: browser, internet security, router, SSLDid you like this article? Share It!
josephadeo says:
Even as an online evangelist for VeriSign I find this kind of research incredibly interesting — it definitely keeps the technology on its toes. It's also exceptionally validating that the only current ways of “beating”extended validation ssl in particular are going through unencrypted areas in the periphery (ie, different tabs), suggesting that the solution is more on the implementation side than the dev side. Of course, we'd like to see *everything* encrypted with EV, so that such an attack would be impossible, but perhaps those expectations a mite high. I look forward to more reports from conference.
Terrance Gaines says:
Thanks for the comment!
In the end, we as consumers must pay attention to how we access the internet as well. Take those extra precautions to ensure you are doing your part to keep your information safe.