Flaw Found in an Online Encryption Method [New York Times]
The protocol used to encrypt certian online transmissions might have flaws that could expose encrypted data to exploits. Used for online shopping, banking and other secure services, the protocol is supposed to keep data like credit card numbers secret from hackers that might attempt to snoop on Internet transactions.
Recently a group of computer scientists released a paper that indicates the system is not as secure as it should be.
From a basic level, data is encrypted with two sets of keys. The first is a random combination of two large prime numbers. The second is the product of the multiplication problem of those two numbers. Critical to encrypted data being impossible to break into is the randomness of the first two numbers.
The scientists used a database of publicly available keys to determine that many of the prime numbers used in the first key were not as random as they should have been. In fact, in around two of every one thousand uses, the numbers weren't random. While that's a small percentage of all uses of the encryption protocol, it represents a small number of supposedly secure transmissions that could be cracked into by hackers.
Because the problem originates in the protocol itself, there's not a solution for end users. It will be up to individual web sites to make changes that eliminate the vulnerability.