Nothing seems secure on the Web, it would seem. A report presented by researchers from leading universities & organizations claimed they had discovered a number of weaknesses in the algorithm, detailing a flaw in the SSL. Called “Logjam”, it affects a number of fundamental Web protocols, the team claimed.
The bug affected an algorithm called the ‘Diffie-Hellman key exchange’ which allowed protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key & create a secure connection. Already, the report claimed, over 10,000 HTTPS-protected Websites, mail servers, & other widely used Internet services were vulnerable to a new Online attack, because of this.
The vulnerability affected an estimated 8.4 % of the top 1 million Websites & a slightly bigger percentage of mail servers populating the IPv4 address space, claimed the researchers.
The weakness, claimed one report, was the result of export restrictions the US government had mandated in the 1990s on US developers who wanted their software to be used abroad. What was ironic was that the Diffie-Hellman was supposed to provide an additional layer of protection, since it allowed 2 connected parties to constantly refresh the cryptographic key securing Web or e-mail sessions.
You may also want to read: Spam spreading malware found infecting Linux & FreeBSD OS through Joomla, WP exploits
http://news.google.com May 20, 2015
Tens of thousands of HTTPS websites, mail servers and other services are vulnerable to eavesdropping due to a flaw in cryptog …
New Computer Bug Exposes Broad Security Flaws – The Wall Street Journal
May 20, 2015
A dilemma this spring for engineers at big tech companies, including Google Inc and Microsoft Corp. shows the difficulty of protecting Internet users from hackers.
Internet-security experts crafted a fix for a previously undisclosed bug in security tools used by all modern Web browsers. But deploying the fix could break the Internet for thousands of websites.
“It’s a twitchy business, and we try to be careful,” said Richard Barnes, who worked on the problem as the security lead for Mozilla Corp., maker of the Firefox Web browser.
Read more…
There’s a new problem with SSL called “Logjam”, here’s what you need to know – The Next Web
May 20, 2015
It seems like we just got over the Heartbleed vulnerability, but there’s another major flaw with SSL called “logjam” that affects a number of fundamental Web protocols.
The bug affects an algorithm called the “Diffie-Hellman key exchange” which allows protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key and create a secure connection.
Researchers from a number of universities and organizations discovered…
•Share This•
