Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
The DROWN Attack
#1
Quote:DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.
DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.
What can the attackers gain?
Any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.

Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  attack Brian Krebs' Blog Hit by 665 Gbps DDoS Attack mrtrout 1 2,804 09-23-2016 , 01:09 AM
Last Post: Kershwow

Forum Jump:


Users browsing this thread: 1 Guest(s)