Tuesday, March 1, 2016

DROWN Attack Has Its Own Theme Song

Today it was announced that there’s a high level risk (DROWN Attack) within the OpenSSL library that allows malicious actors to create man-in-the-middle attacks against sessions using the ancient SSLv2 protocol. Not only are the sessions which are still using the antiquated SSLv2 protocol vulnerable, but any other service sharing the private key with this SSLv2 connection is at risk (E.G a web server using SSLv2, but a mail server using TLS 1.2 with the same certificate are both vulnerable since the key can be used to crack both sessions due to the SSLv2 vulnerability). At this point there is no fix for this vulnerability except removing SSLv2 from the enterprise. Which was named vulnerable about 20 years ago.

And now for the very first time a vulnerability has it's very own theme song. Too soon? I think not. It's been 20 years in the making. CUE THE MUSIC!!


3 comments:

  1. good additionally called the app which is named as the WiFiKill APK wifikill pro apk variation need to be so do not keep any kind of question in your nice.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. thanks for post. please let me insert my link and please dont deleeter it! thanks
    4sherch

    ReplyDelete