Security experts have discovered a new encryption flaw called LogJam, which is closely related to one found earlier this year that puts Web surfers' data at risk.
LogJam can allow an attacker to weaken the encrypted connection between a user and a Web or email server. It actually attacks the TLS (Transport Layer Security) Protocol. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection.
The attack is reminiscent of the FREAK (Factoring attack on RSA-EXPORT Keys) attack, which was revealed in March. However, LogJam is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange.
The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.
Information on the flaw has been quietly circulating. Microsoft fixed its Internet Explorer browser last week, and patches for Firefox and Apple's Safari browser should be released soon.
What should you do?
If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. Step-by-step instrictions to deploy Diffie-Hellman for TLS are available here.
If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.
Web users make sure they have the most recent version of your browser installed, and check for updates frequently. Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.
Sysadmin or developers should make sure any TLS libraries they use are up-to-date and that they reject Diffie-Hellman Groups smaller than 1024-bit.