The vulnerability joins a swarm of other critical bugs that over the past five years have given attackers the ability to break TLS. With names including BEAST, CRIME, BREACH, and FREAK, the proof-of-concept exploits have demonstrated dangerous holes in a protocol that's the sole means for most websites and e-mail servers to encrypt and authenticate communications over an Internet that was never designed to be secure or private. TLS security hit a new low last May with the discovery of Logjam, a vulnerability caused by deliberately weakened cryptography that allowed eavesdroppers to read and modify data passing through tens of thousands of Web and e-mail servers. The researchers have dubbed the latest vulnerability DROWN, short for Decrypting RSA with Obsolete and Weakened eNcryption
No comments:
Post a Comment