Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks


Tag: netsletter

SSL No Longer Secure in the Face of Marketscore Spyware

Posted by geeknews at 5:43 PM on November 30, 2004

Secure Sockets Layer, the fundamental security service for the world’s websites and many networks is at risk in the face of a new spyware application, Marketscore, an application that promises to speed up web browsing. The software is bundled with iMesh P2P (peer-to-peer) software and is popular with university students.

Marketscore is a descendent of the Netsetter spyware application. The application forces requests for web pages to be passed through proxy servers, allowing cached (previously downloaded) copies of pages to be served, rather than the most current, copies. Because Marketscore creates a trusted certificate authority on computers running the application, it’s possible for Marketscore’s proxy servers to extract sensitive data by using the certificate authority to unencrypt the data during it’s transmission from the website to the user’s computer. Credit card, banking, and online purchase data are just some of the data users routinely encrypt using SSL (Secure Sockets Layer), a service that normally operates in the background, away from most users’ eyes.

Dave’s Opinion
There is a fundamental rule that we should all remember: if it sounds too good to be true, it probably is (too good to be true). The online corollary to this rule is: there’s no way to improve download speed, except to connect to a line with greater bandwidth; proxy server caching doesn’t really work.

Call for Comments
What do you think? Leave your comments below.

References
Marketscore