By Jennifer Valentino-DeVries 

A dilemma this spring for engineers at big tech companies, including Google Inc., Apple Inc. and Microsoft Corp., shows the difficulty of protecting Internet users from hackers.

Internet-security experts crafted a fix for a previously undisclosed bug in security tools used by all modern Web browsers. But deploying the fix could break the Internet for thousands of websites.

"It's a twitchy business, and we try to be careful," said Richard Barnes, who worked on the problem as the security lead for Mozilla Corp., maker of the Firefox Web browser. "The question is: How do you come up with a solution that gets as much security as you can without causing a lot of disruption to the Internet?"

Engineers at browser makers traded messages for two months, ultimately choosing a fix that could make more than 20,000 websites unreachable. All of the browser makers have released updates including the fix or will soon, company representatives said.

The newly discovered weakness could allow an attacker to read or alter communications that claim to be secure. It was disclosed Tuesday by an international team of computer scientists that has found several problems in technology behind prominent security tools, including the green padlock on secure websites.

It's unclear whether hackers have exploited any of the flaws. Researchers said they were more likely to have been used by governments for surveillance than by criminals trying to steal credit-card numbers. In a draft paper published Tuesday, the researchers said the National Security Agency may have exploited one such flaw to spy on virtual private networks, or VPNs. NSA didn't respond to a request for comment.

The bugs and the efforts to fix them highlight key weaknesses in computer security. Researchers say the Internet is vulnerable in part because it is so decentralized and has been built piecemeal, from thousands of contributors more interested in communication than security.

"It's like an amateur rock band here," said Matthew Green, a cryptographer and professor at Johns Hopkins University who has been investigating the problem.

Even after the fix to a problem is publicized, many users and website operators don't apply it. More than a year after disclosure of the Heartbleed bug, which allowed attackers to steal protected information, researchers at the University of Michigan say about 4,000 of the world's one million busiest websites remain vulnerable.

The story of the new bug began several years ago, when researchers at French computer-science lab Inria began looking for flaws in the way different programs use communications protocols, or computer handshakes, that underlie the Internet. Last year, they began probing software that used TLS, or "transport layer security," which creates secure connections for things like electronic payments and sensitive data.

During the winter, they discovered a problem, which they called "Freak," in the way many Android, Apple and Microsoft browsers handled TLS.

The Freak bug, disclosed in March, was the unintended consequence of a decades-old U.S. policy to limit the strength of encryption exported to other countries, so the U.S. could more easily spy on enemies.

The restrictions were dropped in the 1990s, but many computers still included weak export security "keys," long random numbers used to encode and decode messages. In general, the longer the key, the harder it is to crack the code. The Freak flaw allowed an attacker to force another computer to use a smaller "export" key, which could more easily be broken.

The new bug, dubbed LogJam, is a cousin of Freak. But it's in the basic design of TLS itself, meaning all Web browsers, and some email servers, are vulnerable.

Researchers found two other reasons for worry: The LogJam flaw allows an attacker to trick a browser into believing that it is using a regular key, not the export version. And they saw that many computers reuse the same large numbers to generate the keys, making them easier to crack. Researchers say about 8% of the top million sites are vulnerable to the new bug because they support those export keys.

Browser makers could remedy the problem by changing their browsers to reject small keys. But that would disable thousands of legitimate Web servers.

The companies agreed to reject small keys, but debated where to set the threshold. Keys are measured by their length in bits, the 1s and 0s of computer code.

A tough standard, requiring sites to have a key with 2,048 bits, or 617 digits, would have broken more than half of the Web's one million busiest sites, researchers said. By contrast, requiring a key with 512 bits, or 155 digits, would maintain the status quo in most browsers. But a 512-bit key doesn't provide much security: Researchers were able to crack many 512-bit keys in "minutes," they said.

Ultimately, browser makers decided to move toward rejecting keys with fewer than 1,024 bits, or 309 digits. That could leave about 0.2% of secure websites inaccessible.

The disclosure of Freak, and the resulting publicity, likely reduced the number of vulnerable sites. When researchers disclosed Freak in early March, more than 36% of secure websites were vulnerable to that problem, according to scans performed by a lab at the University of Michigan. Less than a month later, the number had fallen to 6%.

To fix Freak, website operators had to change a few lines of software code. In doing so, many site operators may also have unknowingly fixed the new bug.

Sites that recently remained vulnerable to Freak include ohio.gov and the medical school and hospital at the University of Chicago.

A spokesman for ohio.gov said Tuesday evening that it had "successfully completed a fix to this problem" so the site was no longer at risk. In a statement, the university said any user is "subject to vulnerabilities," adding that the university "has processes in place to manage risk."

Ironically, the main website of the University of Michigan, home to several researchers working on the bug, was vulnerable until a few days ago. "It takes time for the updates and patches to be fully implemented, " a university spokesman said.

Many sites that remained vulnerable to Freak after two months were small businesses, which might not have dedicated security staffers assigned to monitor bug disclosures. When sites are specifically notified of problems, they're more likely to fix them, said Zakir Durumeric, a researcher in the Michigan lab.

One affected site, quilthome.com, which sells quilting fabrics, fixed the Freak flaw within 24 hours of an email from The Wall Street Journal. The site's owner declined to comment further.

Browser makers are publishing fixes for the new flaw. Microsoft published one last week in recent Windows versions. "We encourage all customers to apply the update to help stay protected," a spokesperson said.

Google said it would immediately fix a test version of its Chrome browser and that the fix would likely be in the average person's browser within weeks. Mozilla said it is updating Firefox within a few days.

But researchers know that it will be a while before every website applies the fixes.

"The top sites are very good at this and fix things in a matter of hours. Then there are major sites with an IT staff that can get this in a few days or weeks. But then there is this very long tail of sites that don't patch," Mr. Durumeric said. "As far as we can tell, this tail never ends."

Rob Barry contributed to this article.

Write to Jennifer Valentino-DeVries at Jennifer.Valentino-DeVries@wsj.com

Access Investor Kit for Apple, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US0378331005

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Alphabet Charts.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Alphabet Charts.