Local websites risk attacks through SSL security protocol

Thursday, Mar 05, 2015 18:28

Some Vietnamese websites have been attacked through a security hole in SSL protocol, said Bkav security company. — Photo genk.vn

HA NOI (Biz Hub) — Some 255 Vietnamese websites have been attacked through a security hole in SSL protocol, including five sites of government agencies, six of banks and four of telecom companies.

This revelation was made by Bkav security firm on March 4.

A bug, named FREAK, has been discovered on the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cryptographic protocol. It attacks Google and Apple mobile devices when they are used to access Hypertext Transfer Protocol over Secure (HTTPS) websites.

The hole in the protocol allows hackers to access HTTPS connections between guest computers and servers. From there, hackers can downgrade the computer security to a low level, allowing them to easily access websites and steal passwords and personal information.

The conditions required for successful exploitation is that the browsers as well as the websites they are being used to access must be affected. Safari and any default browser other than Chrome are at risk.

Bkav said that Apple will release a fix for the hole next week. It also pointed out that a representative of Google had confirmed that a fix was ready and had been transferred to Android device manufacturers.

Nguyen Hong Son, head of the firm's cyber security research division, noted that popular services such as Gmail and Facebook will not be affected by the hole. "While waiting for an official fix from Google and Apple, users should use alternative browsers such as Google Chrome to ensure their security," he added.

Bkav claimed that it has sent warnings and instructions to the owners of websites under attack in Viet Nam. — VNS

Comments (0)