Saboteurs spreading the Gameover banking trojan are using an encrypted secure sockets layer connection to remain undetected and have infected at least a quarter of a million machines.
Researchers at Dell SecureWorks Counter Threat Unit (CTU) detailed attackers' latest schemes to spread the financial malware in a blog post published last Friday.
The developers of many SSL libraries are releasing patches for a vulnerability that could potentially be exploited to recover plaintext information, such as browser authentication cookies, from encrypted communications.
The patching effort follows the discovery of new ways to attack SSL, TLS and DTLS implementations that use cipher-block-chaining (CBC) mode encryption. The new attack methods were developed by researchers Nadhem J. AlFardan and Kenneth G. Paterson at the University of London's Royal Holloway College.
Last year, Google introduced SSL (Secure Sockets Layer) encryption to searches made through Google.com. Now, the effort to strengthen user privacy through encrypted search queries is becoming global, and Google hopes this will “motivate other companies to adopt SSL more broadly.”
Note that countless users have their own concerns with Google and how it handles user data. SSL obviously can’t solve issues of trust, and that’s a separate issue. As far as keeping users safe from outside threats, this is a solid move. The announcement, from Google Software Engineer, Michael Safyan:
Open-source software developer Kai Engert has proposed an overhaul to the Internet's SSL authentication system, aiming to minimize the damage that would result from the compromise of one of the authorities trusted by major browsers.
Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL (Secure Sockets Layer)-encrypted traffic for domain names they don't control.