Security protocol for online banking and Facebook has 'serious weaknesses,' say researchers

February 03, 2013

The protocol that provides security for online banking, credit card data and Facebook has major weaknesses, according to researchers at Royal Holloway University.

The Transport Layer Security (TLS) protocol is used by millions of people on a daily basis. It provides security for online banking, as well as for credit card data when shopping on the Internet. In addition, many email systems in the workplace use it, as well as a number of big companies including Facebook and Google.

Professor Kenny Paterson from the Information Security Group at Royal Holloway and PhD student Nadhem AlFardan found that a so-called 'Man-in-the Middle' attack can be launched against TLS and that sensitive personal data can be intercepted in this way. They have identified a flaw in the way in which the protocol terminates TLS sessions. This leaks a small amount of information to the attacker, who can use it to gradually build up a complete picture of the data being sent.

Professor Paterson said: "While these attacks do not pose a significant threat to ordinary users in its current form, attacks only get better with time. Given TLS's extremely widespread use, it is crucial to tackle this issue now.

"Luckily we have discovered a number of countermeasures that can be used. We have been working with a number of companies and organisations, including Google, Oracle and OpenSSL, to test their systems against attack and put the appropriate defences in place."
-end-


Royal Holloway, University of London

Related Facebook Articles from Brightsurf:

Facebook political ads more partisan, less negative than TV
More political candidates may be shifting primarily to social media to advertise rather than TV, according to a study of advertising trends from the 2018 campaign season.

Facebook anniversaries inspire reflection, nostalgia
Posted on Facebook, milestones such as birthdays and anniversaries prompt users to reflect on the passage of time and the patterns of their lives -- and help the social media giant recycle content in order to boost engagement, according to new Cornell research.

Healthier and happier without Facebook
Two weeks of 20 minutes less time per day on Facebook: a team of psychologists from Ruhr-Universit├Ąt Bochum (RUB) invited 140 test persons to participate in this experiment.

Facebook language changes before an emergency hospital visit
A new study published in Nature Scientific Reports reveals that the language people use on Facebook subtly changes before they make a visit to the emergency department (ED).

When college students post about depression on Facebook
When college students post about feelings of depression on Facebook, their friends are unlikely to encourage them to seek help, a small study suggests.

Quitting Facebook could boost exam results
In research that validates what many parents and educators suspect, students whose grades are below average could boost their exam results if they devoted less time to Facebook and other social networking sites.

Depressed by Facebook and the like
Great holiday, fantastic party, adorable children, incredible food: everyone shows their life in the best light on social networks.

Can Facebook improve your mental health?
Contrary to popular belief, using social media and the internet regularly could improve mental health among adults and help fend off serious psychological distress, such as depression and anxiety, finds a new Michigan State University study.

How stress leads to Facebook addiction
Friends on social media such as Facebook can be a great source of comfort during periods of stress.

The dead may outnumber the living on Facebook within 50 years
New analysis by academics from the Oxford Internet Institute (OII), part of the University of Oxford, predicts the dead may outnumber the living on Facebook within 50 years, a trend that will have grave implications for how we treat our digital heritage in the future.

Read More: Facebook News and Facebook Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.