Just when you thought it was safe to go online, the hackers at Def Con announced a new security flaw regarding the way websites prove their validity.
Currently, websites that deal with personal information make use of SSL technology to maintain a secure connection. You may be more familiar with SSL security by the little padlock icon that shows up in most browsers or the "s" that follows "HTTP" in a web address. Generally these indicators mean that anything you transmitted to the website was secure, but these newly found flaws allow for someone to tap the connection.
Basically this flaw lets a hacker trick your web browser into not looking further at a web address that has a special character in it, letting unscrupulous individuals pose as a legitimate site. From there they can collect personal information and even install software on your computer.
The good news is that the Seattle Post checked in with Microsoft and Mozilla, who make the world's most popular browsers, and learned that the issue is currently being investigated. Mozilla, makers of the Firefox browser, indicated that its latest update fixed a portion of the problem, and told the Post that, "the rest will be fixed in an update coming this week."
So take note: the next time your browser asks you to update it and you think of dismissing the notification since you're super busy, you might be saving yourself a headache down the road by spending three minutes getting up to date. Do it now, before the hackers have time to fully exploit this issue and begin attacking out-of-date computers.
While it may seem easy to get angry with the hackers at Def Con 17 for telling the world about this security issue, you should actually be thanking them. By publishing this issue they are essentially forcing the security experts who deal with SSL technology to get to work fixing the problem instead of relying on security through obscurity. The proof? Shortly after this flaw was revealed VeriSign, the company who handles SSL certificates, received applications for sites trying to exploit this security issue and turned them all down.
Hacker conference announces internet security flaw