Via Cliff Saran | @cliffsaran
Researchers have published a paper outlining how an attacker could crack the TLS security protocol to gain access to millions of secure websites. The cross-protocol attack, known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), performs live attacks on TLS, one of the main protocols used for security on the internet. (It also works against TLS e-mail servers.)
According to the researchers, the attack can be completed on a single core on commodity hardware in less than a minute, without GPUs or distributed computing, and is limited primarily by how quickly the server can complete handshakes.
[ Looking for more technical details on this issue? Read this article. ]