QuoVadis Posted March 4, 2016 Report Posted March 4, 2016 Dupa ce mi-am fixat site-urile mele am zis sa postez si aici ca nu am vazut un thread pe tema asta : DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack. What can the attackers gain? Any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees. Who is vulnerable? Websites, mail servers, and other TLS-dependent services are at risk for the DROWN attack, and many popular sites are affected. We used Internet-wide scanning to measure how many sites are vulnerable: More info: https://drownattack.com/ Q&A: https://drownattack.com/#question-answer Paper: https://drownattack.com/#paper Checker: https://drownattack.com/#check 2 Quote
gogusan Posted March 5, 2016 Report Posted March 5, 2016 (edited) Quote Vulns... accounts.yahoo.com edit.client.yahoo.com bt.edit.client.yahoo.com na.edit.client.yahoo.com verizon.edit.client.yahoo.com pare mai nasty decat poodle Edited March 5, 2016 by gogusan Quote
Meteosensibilul Posted March 5, 2016 Report Posted March 5, 2016 Nu a mai fost unul Heartbleed? Tot asa, periculos foc, si a afectat multe siteuri importante? Quote
Nytro Posted March 5, 2016 Report Posted March 5, 2016 Heartbleed e singurul atact si simplu si "reliable" si util. Ceva detalii aici despre DROWN: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html Quote