Website security flaw

A weakness in the internet's digital certificate infrastructure allows attackers to forge certificates that are fully trusted by all commonly used web browsers.

Researchers in Europe and the US have found a weakness in the internet's digital certificate infrastructure that allows attackers to forge certificates that are fully trusted by all commonly used web browsers.

As a result of this weakness, it is possible to impersonate secure websites and e-mail servers and to perform virtually undetectable phishing attacks, which means that visiting secure websites is not as safe as it is believed to be.

The researchers, at UC Berkeley in California, the Centrum Wiskunde and Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands, presented their results at the 25C3 security congress in Berlin on 30 December 2008.

When you visit a website whose URL starts with 'https', a small padlock symbol appears in the browser window. This indicates that the website is secured using a digital certificate issued by one of a few trusted Certification Authorities (CAs).
