Cyber security company Qualys uncovered a security breach in a popular encryption mechanism that could allow hackers to reach the personal data of users in 10% of global sites. The breach is in the SSL/TLS encryption standard and is called Poodle, according to Qualys, and this is an improved attempt of a breach that was first found last October.
Qualys conducted security checks on a number of leading sites that were given a fail mark including the Bank of America.
An investigation by "Globes" found that many large Israeli banks and credit card companies were listed on the website of Qualys, which uncovered the breach, as vulnerable to the new breach. On the list were Israel Discount Bank (TASE: DSCT), Mizrahi Tefahot Bank (TASE:MZTF), First International Bank of Israel (TASE: FTIN) and Isracard Ltd..
The SSL standard encrypts transmissions and data between sites and their users while the Poodle breach lets hackers remove the encryption and access users personal data - user name and password - and connect up to sites impersonating them. Banks and financial sites are clearly the most at risk when such information is leaked.
Bank Hapoalim (TASE: POLI) said, "The subject was dealt with and arranged yesterday."
Isracard said, "Several weeks ago we already received information from an international credit card company that found a bug in international protocol version SSL 3. The company immediately began operations to change the protocol and the process is due to be completed in the coming days. Yesterday we received information from the TLS report center about another bug version 1.2 but Isracard does not use this version with our customers.
The other banks have yet to comment.
Published by Globes [online], Israel business news - www.globes-online.com - on December 10, 2014
© Copyright of Globes Publisher Itonut (1983) Ltd. 2014