Drown attack: how weakened encryption jeopardizes "secure" sites

Post by Pedro-NF » 03 Mar 2016, 03:58


Security researchers have developed a method of attacking "secure" connections that can be used to intercept and decrypt information being transmitted to some of the world's most popular email, news and entertainment services. The researchers, made up of a team from public universities, Google, and a number of groups devoted to the development of open source projects, say the attack relies on a flaw in an old piece of encryption technology.

The Drown attack method, or "Decrypting RSA with Obsolete and Weakened eNcryption", could affect up to one third of all websites that use secure connections – addresses prefixed by "https". It means the information visitors submit could be accessed and decrypted while it travels over the internet. Yahoo, BuzzFeed, Flickr and Samsung.com would all be susceptible, according to the researchers, as would a large number of the world's top 10,000 websites. Credit card data, passwords and other information handled by these websites could be compromised.

The team compared the Drown attack to previously revealed attacks called Freak, Poodle and Logjam, all of which were made possible by 1990s export laws that required US companies to deliberately weaken encryption algorithms used in products available overseas. These restrictions were eventually lifted, but the damage had already been done: now, two decades later, the compromised security can still be exploited.

"These three attacks targeting different flaws from export-grade cryptography from the 90s are the best natural experiment we have about the long-term damage to security that can come from deliberately weakening cryptography", said Nadia Heninger, an assistant computer and information science professor at the University of Pennsylvania and a member of the Drown attack research team.



Twitter: @pedro_corbett

"Was he crazy!"
"Yeah, in a very special way. An Irishman."

(Once Upon A Time In The West, 1968)
