An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
March 1, 2016 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/S9J1wl1ezK0/a-third-of-all-https-websites-vulnerable-to-drown-attack
A Third of All HTTPS Websites Vulnerable To DROWN Attack
An anonymous reader writes: The OpenSSL project has released versions 1.0.2g and 1.0.1s to address a high severity security issue known as the DROWN attack (CVE-2016-0800) which allows attackers to break HTTPS and steal encrypted information. In layman terms, the attack uses an improperly patched issue (from 1998) in SSL to attack websites using the more modern TLS protocol. Servers where admins use SSL and TLS are in danger. Additionally, servers where only TLS is used, but the admins are sharing the same certificate for other servers where they have SSL, are also vulnerable, since the attack targets RSA, employed in both SSL and TLS. The entire attack is also easy to carry out, costing only $440 on Amazon EC2.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/S9J1wl1ezK0/a-third-of-all-https-websites-vulnerable-to-drown-attack
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot