Results 1 to 3 of 3
  1. #1
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts

    Attack of the week: DROWN

    How did I miss this. Today, I noticed SSLLabs was doing a new experimental vulnerability test called DROWN. I went looking for more info and found it on Matthew Green's blog:

    "To every thing there is a season. And in the world of cryptography, today we have the first signs of the season of TLS vulnerabilities.

    This year's season is off to a roaring start with not one, but two serious bugs announcements by the OpenSSL project, each of which guarantees that your TLS connections are much less than private than you'd like them to be."


    http://blog.cryptographyengineering....eek-drown.html

    When SSL was going down via POODLE, we started fretting about what would happen if unpatchable vulnerabilities started to show up in TLS when BEAST attacks were occurring at the same time. Unlike SSL there is nothing to replace TLS.

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,199
    Thanks
    48
    Thanked 987 Times in 917 Posts
    Maybe we should have a backdoor into iPhones so the security services can catch those baddies?

    cheers, Paul

  3. The Following User Says Thank You to Paul T For This Useful Post:

    brino (2016-04-12)

  4. #3
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    426
    Thanks
    40
    Thanked 67 Times in 64 Posts


    Funny, I like it!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •