Numerous software companies across the globe have gone into damage control overdrive ever since a major flaw was detected in the technology that enables the transferring of important and confidential information securely over the web. The software bug has been located in the SSL (Secure Sockets Layer) protocol that allows users to conduct financial transactions online and surf the internet securely, without revealing their personal information.

The current flow in this extremely crucial security protocol provides the hackers venues or openings in the websites that begin with HTTPS, thereby allowing them ti intercept the information flow in midway. This new method of hacking is known as a man-in-the-middle attack. This sort of an attack can easily be used against servers and databases to capture personal and financial information of the users.

According to Chris Paget (Chief Technology Officer, H4rdw4re),

“It’s a protocol-level flaw. There’s a whole lot of stuff that’s going to have to get fixed on this one: Web browsers, Web servers, Web load balancers, Web accelerators, mail servers, SQL Servers, ODBC drivers, peer-to-peer protocols.”

The SSL bug was discovered by the researchers working for a mobile phone security company, PhoneFactor, that continuously monitors emerging threats for today’s smart phones. For the last two months, PhoneFactor has been working strenously with the Industry Consortium for Advancement of Security on the Internet (ICASI) to find a suitable fix for the SSL bug. However, Martin Rex a researcher at SAP broke the news of the SSL bug via a blog post on the Internet Engineering Task Force discussion board.

Via Computer World.