A team of international researchers has discovered a security vulnerability that can be exploited in a relatively low-cost attack that will decrypt secured communications in only a few hours.
Up to one third of all HTTPS-secured websites, include around 80,000 of the world's most popular sites, are among those listed as being vulnerable to a DROWN attack, according to the researchers.
The team recommend server operators ensure that their private keys are not used anywhere with server software that allows SSLv2 connections, including web servers, SMTP servers, IMAP and POP servers.
http://techblog.nz/1071-OnethirdofHTTPSsitesvulnerabletocheaphacksayresearchers?utm_source=email
No comments:
Post a Comment