SSL expert highlights current security state

SSL expert highlights current security state

Secure Sockets Layer and Transport Layer Security, which help protect the security of ecommerce, have been scrutinized recently after several exploits have breached the defenses, according to a recent Network World report.

Taher Elgama, CTO of Axway and one of the creators of SSL, told Network World's Tim Greene that that issues with SSL/TLS are not with its configuration, but centers around the timeliness of patching vulnerabilities.

"The problem is complex," Elgama told Greene. "It started with, yeah there is a weakness in the security protocol and we ought to recognize that and we have to go update it and fix it. That was before the whole [browser exploit against SSL/TLS] thing - the practical attack, so to speak."

Elgama added that organizations should be on the lookout for malware on their system and, if they are exposed to malware, criminals will be able to view their data regardless of SSL protection.

A recent PCWorld report revealed that researchers Thai Duong and Juliano Rizzo claim to have breached the TLS 1.0 encryption. Duong and Rizzo said at the recent BEAST Ekoparty security conference in Buenos Aires they used only a traffic sniffer and an unsophisticated piece of JavaScript code to breach the security layer.