Womb-mate trouble - Are twins really more likely to be autistic?

IF YOU have ever bought anything online or used an Internet bank, you might have been running more of a risk than you bargained for. That's the conclusion of a new report which found that one in five e-commerce websites claiming to be secure is actually vulnerable to hackers. The study, carried out by Cambridge-based electronic security company N-cipher, examined 137,000 of the 140,000 websites purporting to use "strong" encryption to make either online transactions or remote access to company computers secure. The report found that 19 per cent of them were using short encryption keys, which can be broken relatively easily. In Britain, just under a quarter are using short keys, and things are even worse in France: 41 per cent use short keys. In the US, the figure is 15 per cent, but this still means more than 12,000 sites there are insecure. Making a transaction or checking your bank balance online on an insecure site makes confidential information vulnerable to hackers. "This sort of attack is particularly pernicious because you can't tell when it's taken place," warns Nicko van Someren of N-cipher. Generally speaking, the longer the key, the more difficult it is to break, says van Someren. His definition of "short" in the study is anything less than 900 bits, but in fact most of these sites are using keys of 512 bits or less. Among them are Barclays Capital, Royal Bank of Scotland, British Airways Travel Shops, the US First National Bank and Trust, and Royal Bank of Canada. Just a few years ago, 512-bit keys were safe and could only be broken using supercomputers. But processor speed has improved so rapidly that this can now be done using off-the-shelf machines. "All you need is access to a network of a few PCs or an Itanium chip," says van Someren. He recommends that organisations switch to 1024-bit keys. But why haven't they done that already? He blames it on apathy, and the assumption that these sites must be safe. "People operate on the basis, 'if it ain't broke, don't fix it'."