Drown attack sinks SSL security

03/03/2016 in Security by Holly.Buttura

Via Cliff Saran | @cliffsaran

Researchers have published a paper outlining how an attacker could crack the TLS security protocol to gain access to millions of secure websites. The cross-protocol attack, known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), performs live attacks on TLS, one of the main protocols used for security on the internet. (It also works against TLS e-mail servers.)

According to the researchers, the attack can be completed on a single core on commodity hardware in less than a minute, without GPUs or distributed computing, and is limited primarily by how quickly the server can complete handshakes.

Read the full article.

[ Looking for more technical details on this issue? Read this article. ]

Advanced Web Marketing Solutions

Blog

Drown attack sinks SSL security

Related Blog Posts

Yes, People Are Still Using '123456' and 'password' as Their Password

Zoom Impersonation Attacks Aim to Steal Credentials

Malicious Attachments Remain a Cybercriminal Threat Vector Favorite

New website for Chris Graff

11 Tips for Creating a Usable Website Contact Page

26 Ways to Improve Your WordPress Site in 30 Minutes or Less

Blog

Search form

You are here

Related Blog Posts