Security researchers claim to have found serious flaws in Microsoft's Internet Explorer (IE) web browser.
Mike Benham, an independent security researcher based in San Francisco, has reported the weaknesses to security industry mailing list Bugtraq. He said that IE fails to check the validity of digital certificates used to prove the identity of websites, allowing for an "undetected, man-in-the-middle attack".
The problem has apparently existed for five years. It enables an attacker to intercept personal data when a user is making a purchase or providing information for ecommerce purposes.
Digital certificates are typically issued by trusted certificate authorities - such as VeriSign - and are used by websites in conjunction with the Secure Sockets Layer (SSL) protocol for encryption and authentication.
Bruce Schneier, a cryptography expert and co-founder and chief technology officer at Counterpane Internet Security, a California-based network monitoring firm, said that this was one of the worst cryptographic vulnerabilities he had seen in a long time.
He said the flaw meant that all the cryptographic protections of SSL would not work for a Microsoft IE user.
Microsoft said that it is investigating the flaw, but pointed out that an attacker would have to create a fake website and redirect people from a legitimate website to the fake one to exploit the vulnerability.