Infosecurity Europe: Serious structural internet security flaw revealed

The flaw, which centres on the security flag of session cookies on popular web sites, means that, as web sites move users between http and https (secure) IP sessions, the cookie can be intercepted and used by someone eavesdropping on the internet data stream.

And with the widespread use of WiFi and mobile broadband methods of accessing the internet, Wood says it is a relatively easy task for hackers and man-in-the-middle attackers to use the session cookie and so masquerade as the original internet user.

Many sites, says Wood, do not set the secure text flag on their site's session cookie.
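A check for the condition described above, as an added example that is not part of the original article: it parses Set-Cookie response headers and reports cookies issued without the Secure attribute, which a browser will therefore also send over plain http. The header values and the session-name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# Header values below are constructed samples, not taken from any real site.

SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(set_cookie_headers):
    """Return findings for cookies a browser would also send over plain http."""
    findings = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if "secure" in attrs:
            continue  # browser only returns this cookie over https
        looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
        findings.append({
            "cookie": name,
            "likely_session": looks_like_session,
            "issue": "no Secure attribute: sent on http requests to the same host",
        })
    return findings


SAMPLE_HEADERS = [  # constructed
    "SESSIONID=abc123; Path=/; HttpOnly",
    "auth_token=xyz789; Path=/; Secure; HttpOnly",
    "lang=en-GB; Path=/; Max-Age=31536000",
    "PHPSESSID=q1w2e3; path=/; SECURE",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        flag = "SESSION" if f["likely_session"] else "other"
        print(f"[{flag}] {f['cookie']}: {f['issue']}")
```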

Because http sessions have far lower data and IT resource overheads than https sessions, major sites often only use the latter secure protocol when requiring users to enter personal data such as payment card details on specific pages.

And if the hacker uses the cookie to take over an internet session - on a wireless or cellular connection, or even in an internet cafe - they can then intercept this personal data.

Under certain circumstances, says Wood, it is even possible for a hacker to seize control of a supposedly secure - and authenticated - IP session just as the user has entered their payment card data and other personal information.

Wood speculates that hackers may already be aware of what is a structural security flaw on the internet, bearing in mind a number of high profile hacks of e-commerce sites that use secure protocols to protect the interests of their customers.

"I'm pretty sure this exploit has been used by hackers in the past. It explains a lot about how some sites have been hacked," he says.

What makes matters worse is the fact that, if a site were to use the https protocol for an entire web session - the only way, says Wood, of preventing a hacker exploiting this flaw - then the data overheads of the site would soar by several hundred per cent.

"This isn't a software or an internet browser problem. It's also not an operating system security flaw. It can't easily be solved unless web site operators invest in the required IT resources and bandwidth to support https sessions for the entire length of the user access session," he says.

http://www.firstbase.co.uk

 
