Researchers from Indiana University and Microsoft itself were able to infer the sensitive data by analyzing the distinct size and other attributes of each exchange between a user and the website she was interacting with. Using man-in-the-middle attacks, they could glean the information even when transactions were encrypted using the Secure Sockets Layer, or SSL, protocol or the WPA, or Wi-fi Protected Access protocol.
“As we move further down the route of web 2.0 with all its wonderful and new abilities, more vulnerabilities will be revealed over time”, comments Michael Struss, Sales Director at InfoWatch Central Europe, one of the leading companies specializing on the protection of private and confidential data. “The operators of social networks and other web driven applications and related services need to be adamant to close any open data leakage channel. If not, users must refrain from using them – for the sake of their own personal data security safety”.
