Monday, December 11, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
VESA Defines DisplayHDR Standard for PCs, Laptops and Displays
Microsoft Releases Preview of Quantum Development Kit, Q Sharp Programming Language
Hackers Hit ATM Networks In U.S. and Russian Bank Breaches
Verizon Signs Five-year NFL Streaming Deal
Intel Introduces Cost-optimized Pentium Silver and Intel Celeron Processors
Upcoming Samsung QLED TVs Could Have LG Panels Inside
LG Electronics Applies For Iris Recognition Patent For Mobiles
HP Patches New Keylogger Software in its Laptops
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > LogJam ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, May 20, 2015
LogJam Encryption Flaw Poses Risks For Web Surfers


Security experts have discovered a new encryption flaw called LogJam, which is closely related to one found earlier this year that puts Web surfers' data at risk.

LogJam can allow an attacker to weaken the encrypted connection between a user and a Web or email server. It actually attacks the TLS (Transport Layer Security) Protocol. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection.

The attack is reminiscent of the FREAK (Factoring attack on RSA-EXPORT Keys) attack, which was revealed in March. However, LogJam is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange.

The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Information on the flaw has been quietly circulating. Microsoft fixed its Internet Explorer browser last week, and patches for Firefox and Apple's Safari browser should be released soon.

What should you do?

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. Step-by-step instrictions to deploy Diffie-Hellman for TLS are available here.

If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

Web users make sure they have the most recent version of your browser installed, and check for updates frequently. Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.

Sysadmin or developers should make sure any TLS libraries they use are up-to-date and that they reject Diffie-Hellman Groups smaller than 1024-bit.



Previous
Next
NHK To Demonstrate 8K Super Hi-Vision Sattelite Broadcasting        All News        Imagination's OmniShield Enables Security For Mobile, Automotive or IoT
NHK To Demonstrate 8K Super Hi-Vision Sattelite Broadcasting     General Computing News      Imagination's OmniShield Enables Security For Mobile, Automotive or IoT

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .