Wednesday 20 May 2015

Logjam: A new encryption vulnerability

Researchers just discovered an online vulnerability currently being called LogJam - and it's believed to be affecting 8% of the world's biggest websites. What makes it so severe, however, is that the vulnerability stems from the type of technology most websites use to keep our personal information safe as it travels throughout the Web.

The bug affects an algorithm called the “Diffie-Hellman key exchange” which allows protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key and create a secure connection.
The attack is only possible if the attacker shares the same Wi-Fi network as you, and it is extremely difficult to perform unless you're part of a large-scale surveillance program backed by millions of dollars.
All the same, the ramifications are still palpable. LogJam creates the sort of encryption backdoor at which state sponsored surveillance rings would salivate.
You can check whether your browser is vulnerable by clicking here. At the time of writing, some major browsers are still vulnerable to the Logjam attack. However, Google's security team is already working to raise Chrome's minimum SSL requirement to 1024 bits.
So what to do? If you're an admin or the owner of a web or mail server, you'll want to check the researchers' guide to fixing it, which involves changing Diffie-Hellman cipher settings. If you just want to surf safely, check that you have the latest version of your browser installed -- Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari are all releasing patches.
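To make the key exchange described above concrete, and to show what "raising the minimum DH size" in a client actually means in code, here is an added example (not from the original post or the researchers' guide). It simulates both sides of a Diffie-Hellman exchange over a constructed toy group and adds a client-side policy check that refuses any server group whose prime is shorter than a configured bit length. The group parameters, the `negotiate` function and the 1024-bit threshold used in the demo are assumptions for illustration; real deployments use 2048-bit or larger groups.

```python
# Added example, not from the original post: a minimal Diffie-Hellman
# exchange plus the client-side policy check that refuses a server group
# whose prime is shorter than a configured minimum.
import secrets

# Constructed toy group for readability: p is a safe prime (p = 2q + 1)
# and g = 2 generates the order-q subgroup mod p. Real groups are 2048+ bits.
DEMO_P = 23
DEMO_G = 2


def subgroup_order(p):
    """Order q of the prime-order subgroup of a safe prime p = 2q + 1."""
    return (p - 1) // 2


def dh_keypair(p, g):
    """Return (private exponent, public value). The exponent is drawn from
    [1, q-1] so the public value is never the trivial 1 or p-1."""
    q = subgroup_order(p)
    priv = secrets.randbelow(q - 1) + 1
    return priv, pow(g, priv, p)


def peer_value_ok(pub, p):
    """Reject public values 0, 1 and p-1, which force a trivial shared key."""
    return 1 < pub < p - 1


def group_acceptable(p, min_bits):
    """Policy check: is the offered prime at least min_bits long?"""
    return p.bit_length() >= min_bits


def negotiate(p, g, min_bits):
    """Simulate both sides of the exchange. Returns the shared secret
    computed by each side, or raises ValueError if the client's policy
    rejects the group or a peer value."""
    if not group_acceptable(p, min_bits):
        raise ValueError(
            f"DH prime is {p.bit_length()} bits; policy requires {min_bits}")
    a_priv, a_pub = dh_keypair(p, g)
    b_priv, b_pub = dh_keypair(p, g)
    if not (peer_value_ok(a_pub, p) and peer_value_ok(b_pub, p)):
        raise ValueError("peer public value out of range")
    k_a = pow(b_pub, a_priv, p)  # side A: B's public value ^ A's private
    k_b = pow(a_pub, b_priv, p)  # side B: A's public value ^ B's private
    return k_a, k_b


if __name__ == "__main__":
    # The toy group is accepted only because the minimum is set to its size.
    k_a, k_b = negotiate(DEMO_P, DEMO_G, min_bits=5)
    print("shared secret agrees:", k_a == k_b)
    # A constructed 512-bit modulus stands in for an export-grade group; only
    # its bit length matters for the policy check, so it need not be prime.
    try:
        negotiate((1 << 511) | 1, 2, min_bits=1024)
    except ValueError as e:
        print("rejected:", e)
```

The policy check runs before any exponentiation, which is the point: a client that refuses short groups never completes a handshake whose secret could be recovered by precomputation against that group, and a server administrator following the researchers' guide is doing the mirror image by no longer offering such groups.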
