
Friday, June 26, 1998 Published at 21:36 GMT 22:36 UK

Business: The Economy

Fatal flaw in Internet business security

A researcher at Lucent Technologies has discovered a software flaw that would allow experienced hackers to break the encryption code used for electronic commerce.

The standard encryption software used for business on the Internet is known as secure sockets layer, or SSL. Daniel Bleichenbacher, an encryption specialist with Lucent's Bell Labs, has now discovered a way which would allow hackers to break this code and intercept the messages.

However, hackers would need a special Internet connection and would have to send about a million specially crafted messages before being able to break the system's security. According to Mr Bleichenbacher it would take them up to two days to do that, and an attack could be easily detected.

Nonetheless, the people behind the technology are shocked. Scott Schnell, vice president at RSA Data Security Inc., which helped develop the SSL technology, said: "It is a serious flaw, and if it had been discovered by a bad guy, it could have been used surreptitiously to get into consumers' online banking transactions and other things."

But he cautioned that such an attack was "not something that a lone, average high school student programmer could mount on his own. I wouldn't underestimate the complexity of the science behind it."

Buying online

SSL technology is supposed to provide Internet users with a secure connection to a company server, for example when they transfer personal data like credit card numbers or banking details to a company they trust.

The news comes at a crucial time for e-commerce, the business on the Internet. Industry analysts have predicted that 1998 could be the year when sales on the Net take off.

Many consumers, however, are still concerned about security and safety standards and the latest problem will not improve their confidence.

Good guys vs bad guys

Software writers are now busy writing a software patch to fix the problem.

The good news is that users will not have to update their Internet browsers. Daniel Bleichenbacher says the security flaw can be fixed on the server side.

RSA has already released a software patch and promised that it will release new software code next month that "fundamentally eliminates this whole class of attack."

But RSA's Mr Schnell has a word of warning as well: "There are always going to be new discoveries of flaws in the system. The question is how effectively will industry respond to minimise or eliminate that threat."

And he added that to keep networks secure was a matter of the good guys discovering cracks before the bad guys do.
