29-04-2009 22:23
At this year's Infosecurity Europe, the information security business remains buoyant, and the good news is that the business appears to be relatively immune to the ongoing economic woes that affect the rest of the IT industry.
There are also some very interesting stories coming out of the show, not least from Peter Wood, a member of the ISACA Conference Committee.
Peter, who is chief of operations with First Base Technologies, revealed to assembled analysts and reporters that he and his colleagues have discovered a flaw in secure (https) Web communications.
The problem centres on the secure flag that is set on cookies. If, as is often the case, the secure cookie flag is not set, then it offers a back door into a Web session that a user has open on his/her PC.
The security flaw stems from the fact that many Web sites switch from secure to standard http sessions - and back again - several times in a typical Web session in order to save on traffic.
The worrying part about the flaw, as Wood and his team cheerfully admit, is that it is a structural issue on the Internet and, as such, there is no ready solution.
In order to solve the problem, Web site operators will have to enhance their IP real estate to support multiple https Internet sessions for multiple site users, and maintain the security of those sessions, with all the attendant data overheads, for their site users.
And given that this can increase a site's data and IT resource usage by several hundred per cent, this is not a security issue that will be solved overnight.
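The cookie behaviour described above, as an added example that is not from the article or from First Base Technologies: a Python check that flags cookies set over https without the Secure attribute and lists which cookies would accompany a later plain-http request in the same session. The host shop.example, the cookie names and the header values are constructed, and domain, path and expiry matching are deliberately left out.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL that produced the response, its Set-Cookie header values).
RESPONSES = [
    ("https://shop.example/login", [
        "SESSIONID=constructed123; Path=/; HttpOnly",   # Secure flag missing
        "CSRF=constructed456; Path=/; Secure",
    ]),
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def missing_secure(responses):
    """Names of cookies that were set over https without the Secure attribute."""
    return [
        parse_set_cookie(h)[0]
        for url, headers in responses
        if urlsplit(url).scheme == "https"
        for h in headers
        if "secure" not in parse_set_cookie(h)[2]
    ]

def cookies_sent(responses, next_url):
    """Names of stored cookies a browser would attach to next_url.

    Assumption: same host for every URL; only the Secure attribute is modelled.
    """
    plain_http = urlsplit(next_url).scheme != "https"
    sent = []
    for _, headers in responses:
        for h in headers:
            name, _, attrs = parse_set_cookie(h)
            if plain_http and "secure" in attrs:
                continue  # Secure cookies are withheld from non-https requests
            sent.append(name)
    return sent

if __name__ == "__main__":
    print("set over https without Secure:", missing_secure(RESPONSES))
    print("sent to http page:", cookies_sent(RESPONSES, "http://shop.example/catalogue"))
    print("sent to https page:", cookies_sent(RESPONSES, "https://shop.example/basket"))
```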