News

Breach in Key Security Discovered

Cryptographic researchers have discovered a potential vulnerability in the security of Web server infrastructure. Until now, it was believed that security information called "private keys" could not be found in the memory systems of a server and compromised. Recently, however, researchers have discovered that it may be possible for any user with the ability to execute software on a company's e-commerce server to access cryptographic keys and retrieve sensitive information.

A security solution has been released by nCipher (www.ncipher.com), an e-commerce security firm, to prevent key-finding security violations. It includes a user interface to automatically export a key from an existing Web server and store it in nCipher's hardware, where it is protected from attack. The key management tool is available free to existing nCipher customers.

In many commercial secure Web servers, private keys are encrypted and stored within the server, where they must be decrypted before use. Once decrypted into plain text, the key is vulnerable to the "key-finding" attack. Because the keys used in secure Web servers are unusual numbers that are easily identifiable, a hacker needs only to look for the special characteristics of a key in order to find it among the gigabytes of data stored in a commercial server.

Once a hacker has found the key, gained permission to read the surrounding memory, and copied the key, he has access to the entire Web server. The loss of a Web server's private key allows all past transactions with that server to be decoded, as well as any information processed through the server. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure Backup for SQL Server Now Commercially Available

    Microsoft on Monday announced that Azure Backup for SQL Server had reached "general availability" status, meaning it's deemed ready for production-environment use.

  • Insights for MyAnalytics Getting Switched On for Office 365 Users This Month

    Microsoft is planning to activate "Insights for MyAnalytics" sometime late this month for most Office 365 users, but the ability of organizations to manage this feature won't be available until possibly mid-May.

  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.