News

New research findings will make SSL stronger

New research from security experts could point to stronger SSL implementation in the future. According to Lucian Constantin of IDG News Service, the findings were based on an attack discovered last September that used decrypted authentication information stored in headers sent during HTTP session cookies to fool victims into loading a malicious piece of JavaScript. Once the malware was downloaded, a user's browser would be forced to make specifically crafted requests to websites thought to be secure while cybercriminals eavesdropped on network communications.

Tal Be'ery and Amichai Shulman, the researchers responsible for the discovery, followed the same general guidelines as the previous finding, with some exceptions. Unlike the original attack, which took aim at HTTP requests and required control of both the plaintext and the encrypted message, the researchers instead targeted information stored in the actual web content served to users.

"The vast majority of sites...compress responses by default," Be'ery is quoted as saying in IDG News. "HTTP compression is supported by most web servers and is actually recommended for server administrators to have it enabled because it saves bandwidth." 

While attackers could theoretically broaden their base of attack, the new research identified that certain conditions need to be met, namely, a cybercriminal's ability to embed specific data into the response by passing it through a URL. 

Another opportunity to enhance computer security

By identifying an attacker's methods and possible motivations behind an attack, security experts can move to improve on existing cryptographic technologies. Constantin noted that the researchers recently suggested possible mitigation steps at the Black Hat Europe conference. Those steps include implementing cross-site request forgery protection, ensuring that web applications do not accept unknown parameters, and deploying anti-automation measures that would detect and block an unusually large number of requests from the same user.
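
An added example (not from the researchers or the IDG article) sketching two of the mitigations listed above as a pre-handler check: rejecting unknown query parameters, so arbitrary data passed through a URL is never embedded in a compressed response, and counting requests per user to block an unusually large number of them. The paths, allowlist, thresholds and names (`ALLOWED_PARAMS`, `RequestGate`) are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl

# Assumed values for illustration; tune per application.
ALLOWED_PARAMS = {"/search": {"q", "page"}, "/account": set()}
MAX_REQUESTS = 100      # requests allowed per client per window
WINDOW_SECONDS = 60.0


class RequestGate:
    """Pre-handler check: strict parameter allowlist plus per-client rate limit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._history = defaultdict(deque)  # client id -> request timestamps

    def _rate_ok(self, client_id):
        now = self._clock()
        stamps = self._history[client_id]
        # Drop timestamps that have aged out of the sliding window.
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()
        if len(stamps) >= MAX_REQUESTS:
            return False
        stamps.append(now)
        return True

    def check(self, client_id, url):
        """Return (status_code, reason) for the request."""
        # Rejected probes still count toward the rate limit because this runs first.
        if not self._rate_ok(client_id):
            return 429, "too many requests"
        parts = urlsplit(url)
        allowed = ALLOWED_PARAMS.get(parts.path)
        if allowed is None:
            return 404, "unknown path"
        names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        unknown = sorted(set(names) - allowed)
        if unknown:
            return 400, "unknown parameter: " + ", ".join(unknown)
        if len(names) != len(set(names)):
            return 400, "duplicate parameter"
        return 200, "ok"
```

The client identifier should come from something the server controls, such as the authenticated session, rather than from a value the requester can change freely.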

The most current encryption technology allows both developers and users to stay one step ahead of potential cyberattacks. Visit Thawte today and purchase the latest in SSL certificates.
