DROWN – WindowsTechs.com

Export-Grade Crypto Patching Improves

Posted on August 3, 2016 by Michael Mimoso

A Black Hat talk this week is expected to take a deep dive into the ramifications of lingering support for export-grade cryptography and how patching levels are proceeding. Continue reading Export-Grade Crypto Patching Improves→

Heartbleed, ImageTragick, Badlock – Are we facing a named vulnerability backlash?

Posted on May 4, 2016 by Maria Varmazis

Does it help to give a vulnerability a slick-sounding name and fancy logo? Or is it giving us “glamour vulnerability fatigue”? Continue reading Heartbleed, ImageTragick, Badlock – Are we facing a named vulnerability backlash?→

OPM Left Internal System Vulnerable to a Known Attack for Weeks

Posted on March 16, 2016 by Joseph Cox for Motherboard

But the agency fixed the issue after Motherboard reported it. Continue reading OPM Left Internal System Vulnerable to a Known Attack for Weeks→

DROWN Vulnerability Remains ‘High’ Risk, Firms Say

Posted on March 9, 2016 by Tom Spring

Two cloud security vendors publish reports that say hundreds of hosted apps and services remain vulnerable to the DROWN TLS flaw. Continue reading DROWN Vulnerability Remains ‘High’ Risk, Firms Say→

DROWN Attack on TLS – Everything You Need To Know

Posted on March 2, 2016 by Darknet

So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]

The post DROWN…

Read the full post at darknet.org.uk

Continue reading DROWN Attack on TLS – Everything You Need To Know→

DROWN vulnerability could sink secure internet connections

Posted on March 2, 2016 by Symantec Security Response

New SSL/TLS vulnerability (CVE-2016-0800) could allow attackers to obtain encryption keys.Read More Continue reading DROWN vulnerability could sink secure internet connections→

The DROWN security hole – what you need to know

Posted on March 2, 2016 by Paul Ducklin

DROWN is an attack on TLS/SSL, the cornerstone of web security. It’s the third reminder in 12 months that encryption backdoors hurt us all. Continue reading The DROWN security hole – what you need to know→

DROWN Flaw Exposes 33 Percent Of HTTPS Connections To Attack

Posted on March 1, 2016 by Tom Spring

The latest Internet-wide crypto vulnerability has arrived in DROWN, which can be abused by attackers to carry out man-in-the-middle attacks and decrypt traffic. Continue reading DROWN Flaw Exposes 33 Percent Of HTTPS Connections To Attack→

DROWN attack: 33% of all HTTPS servers declared at risk

Posted on March 1, 2016 by Graham Cluley

Web servers around the world are at risk from a serious security vulnerability, dubbed the DROWN attack, which could allow hackers to steal private information.
Read more in my article on the HEAT Software blog.
Continue reading DROWN attack: 33% of all HTTPS servers declared at risk→

Akamai and the DROWN Vulnerability (Updated)

Posted on March 1, 2016 by Akamai

3/8/16 UPDATE: Akamai continues to harden systems against the DROWN vulnerability (CVE-2016-0800), which exploits legacy encryption protocols in order to compromise keys that secure modern protocols, like TLSv1.2. (It does not leak the SSL/TLS keys themselves.) We have taken the… Continue reading Akamai and the DROWN Vulnerability (Updated)→