
Mobile security specialist, Corrata, discovers weak encryption on major websites when accessed using iOS devices

Mobile threat defense solution provider Corrata announced the discovery of poor encryption practices on a number of major websites, including Irish telecoms company Eir and German newspaper Bild. In line with its responsible disclosure practice, Corrata contacted the owners of the websites concerned and the weaknesses have now been remedied. However, it is likely that other websites contain similar vulnerabilities, and Corrata urges website owners to make sure that their encryption is in line with industry best practice.

Today the vast majority of websites use encryption to ensure that sensitive data exchanges between users and the website remain confidential. This confidentiality depends on the use of an internet protocol known as Transport Layer Security (TLS). HTTPS is the implementation of TLS used when browsing websites. Its use is usually signalled by the appearance of the lock symbol at the top left-hand corner of the browser address bar.

However, not all website implementations of HTTPS are equally secure. Some websites use out-of-date versions of the protocol which are known to be vulnerable to hacking. This is particularly risky when using Wi-Fi networks, because the traffic passing between a mobile phone and a Wi-Fi access point can easily be spied upon. Internet users rely on the fact that sensitive data is transmitted in encrypted form to combat such spying. However, where weak encryption is used, it will fail to protect sensitive data such as passwords, financial information and other confidential data.

The specific weakness discovered by Corrata was a misconfiguration of the sites’ web servers that caused them to favor an old, insecure cipher called RC4 when accessed using iOS devices (iPhones and iPads). Known vulnerabilities in this cipher leave it open to hacking, and for at least ten years website owners have been strongly advised not to use it. Devices with Corrata’s mobile threat defense solution installed automatically detect these flaws and prevent users’ data from being stolen. It is these routine checks which brought the vulnerability to light.
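
A server that enforces its own cipher preference picks the first suite in its list that the client also offers, so one badly placed RC4 entry affects only the clients that still offer RC4. The Python model below is an added example, not Corrata's tooling or code from the article; the server order and both client offers are constructed, since the article does not say which suites the affected sites or iOS devices used.

```python
"""Model of TLS cipher-suite selection (added example, constructed data)."""

# Constructed server order: an RC4 suite sits above the stronger AES suites.
MISCONFIGURED_ORDER = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-RC4-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
]

# Constructed client offers, each in the client's own order of preference.
CLIENT_OFFERS = {
    "client_a": ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"],
    "client_b": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                 "ECDHE-RSA-RC4-SHA"],
}


def negotiate(server_order, client_offer, server_preference=True):
    """Return the suite the server selects, or None if there is no overlap."""
    if server_preference:
        ranked, allowed = server_order, set(client_offer)
    else:
        ranked, allowed = client_offer, set(server_order)
    return next((s for s in ranked if s in allowed), None)


def audit(server_order, client_offers):
    """Map each client to (selected suite, True if that suite uses RC4)."""
    result = {}
    for name, offer in client_offers.items():
        suite = negotiate(server_order, offer)
        result[name] = (suite, suite is not None and "RC4" in suite)
    return result


def harden(server_order):
    """Drop every RC4 suite from the server list, keeping the rest in order."""
    return [s for s in server_order if "RC4" not in s]


if __name__ == "__main__":
    for label, order in (("before", MISCONFIGURED_ORDER),
                         ("after", harden(MISCONFIGURED_ORDER))):
        for client, (suite, weak) in audit(order, CLIENT_OFFERS).items():
            print(f"{label:6} {client}: {suite}{'  <-- RC4' if weak else ''}")
```

In this model client_b lists RC4 last, yet the server-preference rule still selects it; once RC4 is removed from the server list, the same client negotiates AES-GCM.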
