Security researchers claim to have found serious flaws in Microsoft's Internet Explorer (IE) web browser.
Mike Benham, an independent security researcher based in San Francisco, has reported the weaknesses to security industry mailing list Bugtraq. He said that IE fails to check the validity of digital certificates used to prove the identity of websites, allowing for an "undetected, man-in-the-middle attack".
The problem has apparently existed for five years. It enables an attacker to intercept personal data when a user is making a purchase or providing information for ecommerce purposes.
Digital certificates are typically issued by trusted certificate authorities - such as VeriSign - and are used by websites in conjunction with the Secure Sockets Layer (SSL) protocol for encryption and authentication.
Bruce Schneier, a cryptography expert and co-founder and chief technology officer at Counterpane Internet Security, a California-based network monitoring firm, said that this was one of the worst cryptographic vulnerabilities he had seen in a long time.
He said the flaw meant that all the cryptographic protections of SSL would not work for a Microsoft IE user.
Microsoft said that it is investigating the flaw, but pointed out that an attacker would have to create a fake website and redirect people from a legitimate website to the fake one to exploit the vulnerability.