SCIENCE

Security Innovation has announced exceptional performance statistics for its NTRU encryption algorithm, providing further proof that adopting end-to-end encryption for web applications can be cost effective. This data comes on the heels of the release last week of Firesheep, a Firefox add-on that exposes the prevalence and simplicity of session hijacking vulnerabilities in websites. Firesheep was developed by Eric Butler, a freelance web application developer and Ian Gallagher, a Sr. Security Engineer at Security Innovation. The duo presented Firesheep to an eager audience at the ToorCon security conference, and demonstrated session hijacking flaws in both Facebook and Twitter.

Firesheep makes it easy to demonstrate and understand the impact of session hijacking, an attack in which a victim’s web session is stolen and used to impersonate the victim on a web site. This is a serious attack, but one that can be prevented with end-to-end encryption using technology such as SSL.

“Session hijacking is particularly dangerous in an open wireless network setting, such as in a public coffee shop” says Gallagher of Security Innovation. “Cookies are frequently issued on Web sites and freely accessible in clear text view over the network, making these attacks easy to carry out. We created Firesheep so that organizations can find and eradicate security flaws and reduce user risk.”

“Organizations that offer Web sites have a responsibility to protect the private information and credentials of users who depend on their services” said Ed Adams, CEO of Security Innovation. “Security Innovation is committed to helping organizations improve security measures and pleased to support the research work of our employees, such as Mr. Gallagher, as well as Mr. Butler in this regard.”

“One of the barriers to universal adoption of SSL is that common encryption algorithms like RSA and Elliptical Curve are performance intensive and often too costly to implement on every web request” said William Whyte, Chief Scientist at Security Innovation. “Security Innovation’s NTRU crypto is secure, standardized and incredibly fast. At up to 500 times faster than RSA, it allows service providers to focus resources on providing value to their customer, instead of spending valuable CPU cycles on cryptography.”

While unencrypted sessions cookies can lead to a session hijacking attack, there are other Web vulnerabilities, such as non-random session IDs, which developers need to guard against. To help organizations build application security expertise, Security Innovation provides dozens of eLearning courses on secure application development as well as a knowledgebase of secure coding standards.