Skip to main content

HTTPS-crippling attack threatens tens of thousands of Web and mail servers

posted onMay 20, 2015
by l33tdawg

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.

The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end-users. The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they're communicating over an unsecured, public channel.

Source

Tags

Security

You May Also Like

Recent News

Friday, March 29th

Thursday, March 28th

Wednesday, March 27th

Tuesday, March 26th

Monday, March 25th

Friday, March 22nd

Thursday, March 21st