No matter how well you secure your computer system, there's always someone bent on cracking it. According to a new white paper by nCipher, even encryption keys stored on your server aren't as secure as you once thought.
The new paper, "Protecting Commercial Secure Web Servers from Key-finding Threats," exposes potential methods that could be used to attack your once secure system and suggests some security measures to protect against the attacks.
Until now, it was believed that security information called "private keys" could not be found in the memory systems of a server and compromised, the report says. The researchers' discovery introduces the possibility that any user with the capability to execute software on a company's e-commerce server could
quickly locate cryptographic keys that would allow access to secure information ranging from personal customer data to credit card numbers.
nCipher has developed a solution. The company provides users with a simple user interface to automatically export a key from an existing Web server and store it in nCipher's hardware, where it will be safe from a "key-finding" attack and easier to manage securely.
The white paper can be read at the company website at: ncipher.com/keyfinding.html.
Founded in 1996, nCipher is a provider of high performance security solutions specifically designed for e-commerce and Internet transactions. The company develops secure hardware solutions for server
applications including Web sites, e-commerce and digital certification.