Fla. Firm Attempts to One-Up SS

30 September 1999
A Florida-based transaction security provider is claiming that the Secure Socket Layer (SSL) protocol is susceptible to criminal attacks that could cost investors and companies millions of dollars. The firm, Digital Bond, also claims that it has developed superior technology.

The company performed a demonstration this week at Comdex Miami in an effort to expose the SSL protocol's vulnerability. The demonstration showed how it was possible to capture User ID/Password pairs. This would allow criminals to trade stocks with other people's money and thus make money by manipulating stock prices.

"Internet brokerages and other e-commerce sites are using an inappropriate security protocol to protect their transactions", Digital Bond President Dale Peterson said. "The Secure Socket Layer protocol offers encryption for privacy, but it offers no transaction security. Criminals can exploit this misuse of security technology to steal money."

To address the security flaw, the company has developed an Internet transaction security protocol and system. The DigibondTM system, developed for online investors, is designed to authenticate the consumer and merchant identities; authenticate the transaction details; provide non-repudiation and enables irrefutable dispute resolution.

Online investors using the Digibond system will be issued a smart card (a credit card with an embedded security chip) which will sign every order and validate every receipt. The idea is, without the card and the password, no one can trade on your account.

"People require ATM cards to withdraw $60 in cash," Peterson said. "Certainly a stock transaction costing $10,000 or more requires at least the same level of security."

The firm says experts at Carnegie Mellon University are reviewing the protocol, and the results will be published this year along with the protocol.

SSL, an encryption overlay system, is recognized as one of the Internets most highly secure transaction protocols. Digital Boond claims that the protocol's 128 bit encryption capabilities give consumers a false sense of security. To back up its claims it has issued a white paper that it says details criminal attacks against SSL protected transactions.

For more information about Digital Bond, its products and/or the white paper, visit http://www.digitalbond.com .