SSL data streams - a hotbed of a fraud

There was a good mini-feature on the Computerworld Web site yesterday about the darker side of hacking and the rise of malware and illegal data e-commerce Web site.

Your can read the piece here, but the really interesting stuff is in the middle of Jaikumar Vijayan's feature.

The feature notes that a security researcher with SecureWorks discovered that the Gozi trojan was designed to intercept data data from encrypted SSL streams and send it to a server based in St. Petersburg, Russia.

Quite apart from the multi-vector approach of the trojan, I think it speaks volumes that the SSL data streams are ending up in Russia, where they're being decrypted in real time.

Yup, it's now possible to do this using an ASIC-based server from several security vendors. Which makes a total mockery of Secure Sockets Layer technology.

And remember folks, SSL is at the heart of e-banking services in the UK. I trust you'll remember this next time you log on...