A newly discovered hack attacked nicknamed "DROWN Attack" could bring security breach for millions of sites Web (DROWN means Decrypt with RSA Encryption and Obsolete Weakened). DROWN is described as a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS (cryptographic protocols for Internet Security).
The hack DROWN / attack allows an attacker to break the encryption that usually hide sensitive information like passwords and credit card numbers. Some vulnerable remarkable sites to attack are Yahoo, BuzzFeed, StumbleUpon, and even the Samsung Web site. Overall, a third of websites are vulnerable to attack, and only the operators of these site servers can fix the vulnerability, which is bad news for Internet users looking for personal security patches.
The root of the attack comes from computer servers that support SSLv2 (Secure Sockets Layer Version 2). It does not matter if a current client uses a newer protocol if that protocol allows SSLv2, the threat remains.
When this protocol was created, the US government if it had intentionally weakened so that other countries could not improve their level of encryption. Professor Matthew Green of Johns Hopkins University says that the problems come from the "result of the configuration of the server negligent," and that the "blame lies with embedded shabby and outdated devices that have not seen a software update in years. - and probably never will "
researchers that seek to replicate the attack were less than a minute since most servers are vulnerable to the vulnerability of DROWN are affected by other OpenSSL vulnerabilities (CVE-2015-3197 and CVE-2016-0703). The researchers concluded that an effective attack could be done in less than 8 hours at a cost of $ 440.
Although security vulnerabilities continue to emerge, policymakers continue to try to press restrictions on cryptography to strengthen national security. However, as seen in this case, reducing the encryption strength can directly affect us all.
TorGuard VPN is not vulnerable to attack DROWN because it does not SSLv2 on our website, or VPN. Our network security team remains vigilant in protecting TorGuard users against all security threats . Using a private VPN as TorGuard is not only mandatory in public spaces Wi-Fi, it is a must have if you want to encrypt your internet to keep your information private -. Private
0 Komentar