SSL vulnerability affects 33% of the web

March 7, 2016

name: DROWN (Decrypting RSA with Obsolete and Weakened eNcryption)
officially announced: March 2016

what: DROWN is a serious vulnerability that affects HTTPS and other that rely on SSL and TLS, some of the essential cryptographic protocols for Internet . These protocols allow everyone on the Internet to browse the web, use email, shop online and send instant messages without third-parties being able to read the communication.

how: DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. The measurements indicate ~33% of all HTTPS servers are vulnerable to the attack. The affected list contains payment processors, big shopping sites, online applications, social media sites and highly accessed international or local news websites.

why: This major Internet vulnerability has resulted from the way cryptography was weakened by U.S. government policies that restricted exporting strong cryptography. These restrictions were designed to make it easier for NSA to decrypt the communication of people abroad.

Find out today

Contact us and mention your HTTPS domain link to find out if you are affected

 

Do you have an SSL installed on your server(s)? If not, kindly tell us in the comments why! If you have, does somebody checked if this vulnerability has affected you sites?

How to be informed in time and stay safe for your customers: our  or the Security audit handles these types of detection and we inform our customers if needed to take any action. There is no extra cost involved for this consultancy. For the recurrent , we even resolve these type of problems.

SSL vulnerability affects 33% of the web

by Csaba Miklós time to read: 3 min
0