DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st March 2016
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default A Third of All HTTPS Websites Vulnerable To DROWN Attack

From http://it.slashdot.org/story/16/03/0...o-drown-attack

Quote:
The OpenSSL project has released versions 1.0.2g and 1.0.1s to address a high severity security issue known as the DROWN attack (CVE-2016-0800) which allows attackers to break HTTPS and steal encrypted information.

In layman terms, the attack uses an improperly patched issue (from 1998) in SSL to attack websites using the more modern TLS protocol. Servers where admins use SSL and TLS are in danger. Additionally, servers where only TLS is used, but the admins are sharing the same certificate for other servers where they have SSL, are also vulnerable, since the attack targets RSA, employed in both SSL and TLS. The entire attack is also easy to carry out, costing only $440 on Amazon EC2.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security LibreSSL not affected by DROWN attack J65nko News 0 1st March 2016 07:57 PM
Security Cookies can render secure websites vulnerable in all modern browsers J65nko News 2 25th September 2015 01:03 PM
Security Popular WordPress Plug-ins Vulnerable to Attack: Checkmarx Research J65nko News 0 19th June 2013 08:55 PM
Security Unlucky for you: UK crypto-duo 'crack' HTTPS in Lucky 13 attack J65nko News 0 4th February 2013 10:51 PM
Security New attack against TLS/SSL obtains session cookies from HTTPS jggimi News 1 17th September 2012 05:00 PM


All times are GMT. The time now is 06:04 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick