Tuesday, April 25, 2017

Many web sites are vulnerable to Logjam

Rate this item
(0 votes)

A new SSL protocol security vulnerability

A new security vulnerability has been discovered in the SSL (Secure Sockets Layer) by researchers at Microsoft Research, the universities of Pennsylvania, Johns Hopkins, Michigan and INRIA French Research Institute. As the fault FREAK discovery last March, the new fault called Logjam would be the result of a measure of the US government in the 90 prohibiting the shipment of software products that use strong encryption keys. This legislation passed as part of national security then led to the use of 512-bit keys; and even after its abolition, many browsers have continued to use such weak encryption to ensure data security.

By a man-in-the-middle attack, a hacker can intercept the negotiating secure connection between a browser and a web or mail server. At this stage, it is in principle the most powerful algorithm to be used to encrypt the connection. But using Logjam flaw, the hacker can achieve deceive the web server using a 512-bit key, easier to crack. The weakly encrypted data sent by the browser can then be decoded in minutes, said Matthew D. Green, one of the researchers who discovered the flaw.

The flaw lies in an algorithm called "Diffie-Hellman key exchange" which allows protocols to negotiate a shared key and create a secure connection.

Websites, mail servers and other systems that support DHE_EXPORT figures are vulnerable to Logjam. The flaw has existed for over two decades, says Green; and to exploit, the attacker needs to be on the same network as the victim.

Logjam has been quietly sent to the browser vendors. If Microsoft has corrected its Internet Explorer browser last week, fixes for other programs such as Firefox and Apple's Safari browser should be published very soon.

About 7% of websites are vulnerable to Logjam, with up to 8.4% of the top 1 million websites domains. But it seems that the biggest problem with the mail servers. "The big problem is that the software that people use to run mail servers are not as well maintained," Green said. "They simply install them and forget them. Many default configurations that are shipped with [the software] is bad. "Did he added.

The vulnerability Logjam rate was reduced while steps have already been taken to correct the fault FREAK. The safety report notes in effect that organizations and companies that have patched their software against FREAK will not be vulnerable to Logjam, given that these patches have eliminated the opportunity for software to use lower figures.

Read 38691 times Last modified on Thursday, 04 June 2015 15:30
More in this category: Java blows his 20th candle »

6679 comments

  • Comment Link Cheap NFL Jerseys Tuesday, 25 April 2017 21:15 posted by Cheap NFL Jerseys

    Additionally these mortgage servicers also have been criticized for not helping homeowners promptly, causing homeowners to pay more late fees which work out beneficially for the companies. Eventually, we develop a sort of mental block as to what is fun as a family and what can be traumatic for everyone involved.Murphy received criticism from the New York media for his decision to leave the club. Recently, lawsuits alleging loan modification delays and illegal collection practices have been brought on behalf of consumers by both private attorneys and by attorneys general.Lots of homes have fish as pets, but many kids have not had the opportunity to explore fish stores and aquariums.
    Cheap NFL Jerseys

  • Comment Link Hamish Tuesday, 25 April 2017 21:12 posted by Hamish

    Bear in mind to include your complete criticism and lots of
    contact procedures (electronic mail, residence telephone,
    cellular phone number) for Sky to contact/call you again.

  • Comment Link esvrjemtlo Tuesday, 25 April 2017 21:04 posted by esvrjemtlo

    Edwards Institute of Technology - Many web sites are vulnerable to Logjam
    aesvrjemtlo
    [url=http://www.go7u5v65g44x4ce26q8xpsqw577s58j7s.org/]uesvrjemtlo[/url]
    esvrjemtlo http://www.go7u5v65g44x4ce26q8xpsqw577s58j7s.org/

  • Comment Link Cheap NFL Jerseys Wholesale Free Shipping Tuesday, 25 April 2017 21:04 posted by Cheap NFL Jerseys Wholesale Free Shipping

    Because they are not even aware of how they function, diagnosing the problem becomes hard. Maintenance UGGs in correct approach is also become a growing number of significant.Additionally you ll can be used to obtain particulars regarding the newest Australian Uggs that are in vogue the 2 among celebrities also as one of many chic and trendy. Give detailed information concerning the parts you are looking for. Real uggs are sensible footwear for all seasonTo convey Ugg boots are one of the most favored design sneakers influences during the past Decade seriously isn t an exaggeration.
    Cheap NFL Jerseys Wholesale Free Shipping http://www.cheapsportsjerseysnfl.com/

  • Comment Link Cierra Tuesday, 25 April 2017 21:02 posted by Cierra

    Awesome! Its genuinely awesome paragraph, I have got much clear idea on the topic of from this
    paragraph.

  • Comment Link Wholesale Jerseys China Tuesday, 25 April 2017 21:01 posted by Wholesale Jerseys China

    Now, however, they are realizing that they bid more than they can expect to recover from a pool of loans and therefore new charges, overcharges or other abuses have become more prevalent.If y?u want to be safe th?n ?ou ?h?u?d find one t??t u?es onl? 100% natural ingredients. As such, the dependence levels are reduced as well as unemployment levels.This program comes with a number of advantages. When weare playing good, he doesn't get too high.
    Wholesale Jerseys China http://www.wholesalejerseysfive.com/

  • Comment Link Removal Instructions Tuesday, 25 April 2017 21:00 posted by Removal Instructions

    *very nice post, i certainly love this website, keep on it
    Removal Instructions https://howtoremove.guide

  • Comment Link Wholesale NFL Jerseys China Free Shipping Tuesday, 25 April 2017 20:59 posted by Wholesale NFL Jerseys China Free Shipping

    www.Many supplements a???l?bl? will a?s? not u?? 100% genuine ingredients w?t? many using cheap fillers th?t not ?nly reduce t?? effectiveness of t?? supplement but may a?so b? unsafe to use. The objective is to adjust mortgages so homeownerspayments remain affordable. Also, my responses are arranged. You only need to top them up to have your appliance working well again.
    Wholesale NFL Jerseys China Free Shipping http://www.cheapnflsportsjerseyschina.us.com/

  • Comment Link Wholesale NFL Jerseys USA Tuesday, 25 April 2017 20:58 posted by Wholesale NFL Jerseys USA

    Just remember, the goal is to enjoy yourselves (at least a little) if you want to have a successful family activity. For those who may have lost the document, the manufacturers do send a copy when requested to do so in Rancho Cucamonga city, CA.American gold coin costs are skyrocketing now, and nowadays could be the finest opportunity to lay hold of the trip up the cost rally! You can learn that the Treasure Hunters Roadshow 2009 has the greatest prices for these amazing currency because of to their extensive grid of collectors across the globe and immediate hold with gold as well as silver refineries addresses Arthur Miller锘?Mortgage servicers are middlemen who process the mortgage payments from homeowners and direct the money to the banks or investors who hold the loans. He's an interesting young man and he's makingthe most of his opportunities.PARKS.
    Wholesale NFL Jerseys USA http://www.cheapjerseystowholesale.com/

  • Comment Link Cheap NFL Jerseys Tuesday, 25 April 2017 20:56 posted by Cheap NFL Jerseys

    Many supplements a???l?bl? will a?s? not u?? 100% genuine ingredients w?t? many using cheap fillers th?t not ?nly reduce t?? effectiveness of t?? supplement but may a?so b? unsafe to use.Whole grains are an important part of a healthful diet regime but, how do we know if a merchandise is really an excellent source of whole grains? The secret is in the ingredient list. The collectible (numismatic) coins can be significantly larger price based on the industry.How will you handle any issues that arise after the initial build? Even after a closing you have time to discover issues with your home and to notify your builder of any that need to be resolved. A consultancyservice may advise on anything from space requirements, to how toprepare the team for the integration, and to avoid a learning curve thatcould slow production times.
    Cheap NFL Jerseys

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

Random Photo

6.jpg

Edwards Computer Foundation

Edwards Computer Foundation (ECF) is the training and development arm of Computer Network Services (CNS). Edwards Computer Foundation brings together the resources, skills and personnel of CNS and ECF Information Technology Management. It is 100% purely Ni- Vanuatu owned Information Technology training Center and is located in the heart of Port Vila city, in Vanuatu, South Pacific.