quinta-feira, 21 de maio de 2015

"Logjam" Browser Vulnerability Fix, Will Block Thousands of Websites



Researchers Have Discovered a New Browser and Website Encryption Vulnerability Called, "Logjam" and there's Good News and Bad News. On the Plus Side, the Vulnerability has Largely been Patched, Thanks to Consultation with Technology Companies like Google and Updates are Available Now or Coming Soon for Chrome, Firefox and Other Browsers. The Bad News is that, the Fix Rendered Many Websites Unreachable, including the Main Website at the University of Michigan, which is Home to Many of the Researchers that Found the Security Hole. Ironically, that Site (which has since been Patched) and Other Government and Educational Websites are Supposed to be Secure -- so, What Went Wrong ? The "Logjam" Vulnerability is a Kissing Cousin to FREAK, a Weakness that also Left Secure Sites like Whitehouse.gov Open to Attack. Researchers Say, the New Bug's Weakness is in an Encryption Protocol Called, 'Diffie-Hellman', Letting Attackers Downgrade Certain Connections to a Mere 512-Bits of Security.


That's Low Enough to be Easily be Cracked by Sophisticated Attackers in just a Few Minutes, though it's Not Clear if Anyone actually Exploited the Weakness. However, the Researchers Speculated that, None Other than the NSA Used "Logjam", Saying "a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break". However, One of them Pointed Out that such a Hack was "just conjecture". So, What to do ? If you're an Admin or the Owner of a Web or Mail Server, you'll Want to Check the Researchers' Guide to Fixing it, which Involves Changing 'Diffie-Hellman' Cipher Settings. If you just Want to Surf Safely, Check that you Have the Latest Version of your Browser Installed -- Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari are All Releasing Patches.




Info Sources:

http://www.wsj.com/article_email/new-computer-bug-exposes-broad-security-flaws-1432076565-lMyQjAxMTE1MjE0OTQxNzkxWj

http://weakdh.org

0 comentários:

Enviar um comentário