Swiss Crack E-Mail Code, but Minimal Impact Seen Thu February 20, 2003 08:45 PM ET
NEW YORK (Reuters) - Researchers at a Swiss university have cracked the technology used to keep people from eavesdropping on e-mail sent over the Web, but U.S. experts said on Thursday that the impact would likely be minimal. Professor Serge Vaudenay of the Swiss Federal Institute of Technology in Lausanne found a way to unlock a message encrypted using Secure Socket Layer protocol technology, according to a posting on the research institute's Web site. However, U.S. cryptography experts said it was not the version of security that most consumers use to shop online. Rather, it is a version that only affects e-mail, is limited in scope and not widely used, said Professor Avi Rubin, who is technical director of the Information Security Institute at Maryland's Johns Hopkins University. In addition, an attacker would have to be in control of a network computer located in the middle of the two people communicating over which the messages were flowing, he said. "It's possible, but it has limited applicability," he said. He said patches are already available to fix the hole, which affects one particular mode of OpenSSL. Like all co-called "open source" software, OpenSSL is free software created by developers who can modify it at any time. "This is not something that anybody really needs to worry about," Rubin said. Bruce Schneier, chief technical officer at network monitoring firm Counterpane Internet Security, agreed. "As a cryptographer, I am impressed. That's really nice work," he said of the research. "As a guy who wants to protect my secrets tomorrow, I don't care." Besides the mitigating circumstances which lessen the likelihood that attackers would be successful, Schneier said SSL is irrelevant to security because attackers can more easily get at secret information while it is stored on computers and servers at the sending and receiving ends. "SSL protects the communications link between you and the Web" server, he said. "Nobody bothers eavesdropping on the communications while it is in transit." source: http://www.reuters.com/newsArticle.jhtml;jsessionid=4Y0LLU2CMBKUWCRBAEKSFEY?type=technologyNews&storyID=2263603
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
