'DROWN' threatens to engulf vulnerable servers
Editorial Type: News
Date: 03-2016
A new OpenSSL vulnerability has sprung up. Known as 'DROWN', it affects servers using SSLv2 and can be used to decrypt secure HTTPS communications, including passwords and credit card numbers. Reports indicate that more than 33% of servers are vulnerable - significantly less than Heartbleed, but still high.

Stated Tod Beardsley, security research manager at Rapid7: "In the case of DROWN, the attacker does have to be in a privileged position on the network, in order to eavesdrop on a TLS session, and also needs to have already conducted some reconnaissance on the server-side infrastructure, but this is the nature of padding oracle attacks. While it's not Heartbleed, DROWN techniques do demonstrate the weaknesses inherent in legacy cryptography standards."