Encryption technology to thwart computer hackers

Technology to thwart even the most aggressive internet hackers has been unveiled by mathematicians from International Business Machines' research laboratory in Zurich and the Swiss Federal Institute of Technology.

The researchers claim to have created the first "unbreakable protection" for computer data - a breakthrough in encryption technology that could ensure the security of electronic commerce.

The technology "really will make a big difference" to the security of internet transactions such as buying books from a web site using a credit card number, said Mr Charles Palmer, IBM's top encryption researcher and head of the company's "ethical hacking" group, which searches for security loopholes on behalf of IBM customers. The breakthrough comes amid growing anxiety about the vulnerability of internet transactions since the discovery by researchers earlier this year of a new way to break through even the strongest encryption systems.

IBM claims the "Cramer-Shoup cryptosystem", which was unveiled this week at the Crypto98 conference at the University of California-Santa Barbara, closes the door on these so-called "active" attacks - considered by security experts to be a serious security weakness.

Until these types of attack began, "strong" commercial cryptosystems were thought to be secure because they were built around complex mathematical problems which were unsolvable. However, "active" attacks bypass the difficulty of solving the underlying mathematical problem by sending a series of cleverly constructed messages to a computer that holds the decryption key.

By analysing responses to the bogus messages, an attacker can decode encrypted messages passing through that network. The Cramer-Shoup method thwarts these attacks by adding another series of calculations which ensure the server leaks no information when responding to bogus text.
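The check described in the paragraph above, as an added example that is not part of the original article or IBM's software: Cramer-Shoup encryption in Python, where decryption recomputes a consistency value from the private key and gives the same bare rejection to any ciphertext that does not match. The small group parameters, the function names and the `decrypt_unchecked` contrast function are assumptions constructed for this illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1 with P, Q prime;
# G1 and G2 are squares mod P, so each generates the subgroup of order Q.
P, Q, G1, G2 = 2039, 1019, 4, 9

def _alpha(u1, u2, e):
    """Hash the first three ciphertext parts to an exponent mod Q."""
    digest = hashlib.sha256(f"{u1},{u2},{e}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen(priv=None):
    """Return (private, public); priv may be fixed for reproducible demos."""
    x1, x2, y1, y2, z = priv or [secrets.randbelow(Q - 1) + 1 for _ in range(5)]
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (x1, x2, y1, y2, z), (c, d, pow(G1, z, P))

def encrypt(pub, m, r=None):
    """Encrypt a subgroup element m; r is the per-message randomness."""
    c, d, h = pub
    r = r or secrets.randbelow(Q - 1) + 1
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P                     # ElGamal-style masking of m
    a = _alpha(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * a, P) % P      # the added consistency value
    return u1, u2, e, v

def decrypt(priv, ct):
    """Return the plaintext, or None for any ciphertext that fails validation."""
    x1, x2, y1, y2, z = priv
    u1, u2, e, v = ct
    if any(pow(t, Q, P) != 1 for t in ct):       # every part must lie in the subgroup
        return None
    a = _alpha(u1, u2, e)
    if pow(u1, x1 + y1 * a, P) * pow(u2, x2 + y2 * a, P) % P != v:
        return None                              # same bare rejection for every bad input
    return e * pow(u1, -z, P) % P

def decrypt_unchecked(priv, ct):
    """For contrast only: the same unmasking with the validation skipped."""
    return ct[2] * pow(ct[0], -priv[4], P) % P

if __name__ == "__main__":
    priv, pub = keygen()
    m = 1444                                     # 38**2 mod P, a subgroup element
    u1, u2, e, v = encrypt(pub, m)
    altered = (u1, u2, e * G1 % P, v)            # ciphertext modified in transit
    print(decrypt(priv, (u1, u2, e, v)), decrypt(priv, altered), decrypt_unchecked(priv, altered))
```

Because the constructed group has only 1019 elements, an altered ciphertext can pass the check by chance; at real parameter sizes that probability is negligible.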

"It's important that we nip this type of powerful attack in the bud," said Mr Victor Shoup of IBM's Zurich Research Laboratory, who invented the new security system with Mr Ronald Cramer of the Swiss Federal Institute of Technology.

There are only perhaps a few dozen people capable of pulling off a successful active attack, added Mr Palmer. However, closing the loophole was essential in case any of them should "go over to the dark side".

IBM plans to incorporate the new technology in a future version of its security software. The company will also make it available free to other software and computer suppliers.

A bug in Microsoft's free Web-based email service, Hotmail, has allowed Canadian Web programmers to gain access to users' passwords.

Staff at Alberta-based re-sellers Specialty Installations found that by including a JavaScript programme they wrote in email to Hotmail users, they could mimic the Hotmail Web interface, pretend there was a problem, and ask users to re-type their usernames and passwords. These were then mailed back to the group in Canada.

Hotmail said it had temporarily fixed the problem, but Specialty Installations later said it had bypassed this fix. Other Web-based email providers are also checking their systems.