Jump to content
QuoVadis

The Drown Attack

Recommended Posts

Posted

Dupa ce mi-am fixat site-urile mele am zis sa postez si aici ca nu am vazut un thread pe tema asta :) :

 

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

 

What can the attackers gain?

Any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.

Who is vulnerable?

Websites, mail servers, and other TLS-dependent services are at risk for the DROWN attack, and many popular sites are affected. We used Internet-wide scanning to measure how many sites are vulnerable:

 

More info: https://drownattack.com/

Q&A: https://drownattack.com/#question-answer

Paper: https://drownattack.com/#paper

Checker: https://drownattack.com/#check

  • Upvote 2
Posted (edited)
Quote

Vulns...

accounts.yahoo.com
edit.client.yahoo.com
bt.edit.client.yahoo.com
na.edit.client.yahoo.com
verizon.edit.client.yahoo.com


pare mai nasty decat poodle

Edited by gogusan

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...