• Attack of the week: DROWN

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Attack of the week: DROWN

    Author
    Topic
    WSFascist Nation
    AskWoody Lounger
    April 11, 2016 at 6:11 pm #505243

    How did I miss this. Today, I noticed SSLLabs was doing a new experimental vulnerability test called DROWN. I went looking for more info and found it on Matthew Green’s blog:

    “To every thing there is a season. And in the world of cryptography, today we have the first signs of the season of TLS vulnerabilities.

    This year’s season is off to a roaring start with not one, but two serious bugs announcements by the OpenSSL project, each of which guarantees that your TLS connections are much less than private than you’d like them to be.”

    http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html

    When SSL was going down via POODLE, we started fretting about what would happen if unpatchable vulnerabilities started to show up in TLS when BEAST attacks were occurring at the same time. Unlike SSL there is nothing to replace TLS.

    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • Paul T
      AskWoody MVP
      April 12, 2016 at 2:21 am #1559689

      Maybe we should have a backdoor into iPhones so the security services can catch those baddies?

      cheers, Paul

      Reply | Quote
    • RockE
      AskWoody Lounger
      April 12, 2016 at 11:54 am #1559738

      :rolleyes:

      Funny, I like it!

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

      Reply | Quote
    Viewing 1 reply thread
    Reply To: Attack of the week: DROWN

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.