1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: DROWN attack sinks security for millions of websites

Discussion in 'Network World' started by RSS, Mar 8, 2016.

  1. RSS

    RSS New Member Member

    The war to close down security vulnerabilities is never-ending, but the new “DROWN” vulnerability is one of the biggest to rear its ugly head in recent months.

    A group of security researchers from a number of different universities and research institutes just unveiled this vulnerability, which they say could affect 33% of all HTTPS servers. That potentially exposes around 11.5 million HTTPS servers worldwide plus other services reliant on SSL and TLS encryption.

    “These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication,” explain the researchers on the Drown Attack website. “DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.”

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page