The Drown Attack

[QuoVadis]

Dupa ce mi-am fixat site-urile mele am zis sa postez si aici ca nu am vazut un thread pe tema asta :

 

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

 

What can the attackers gain?

Any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.

Who is vulnerable?

Websites, mail servers, and other TLS-dependent services are at risk for the DROWN attack, and many popular sites are affected. We used Internet-wide scanning to measure how many sites are vulnerable:

 

More info: https://drownattack.com/

Q&A: https://drownattack.com/#question-answer

Paper: https://drownattack.com/#paper

Checker: https://drownattack.com/#check

[gogusan]

Quote

Vulns...

accounts.yahoo.com
edit.client.yahoo.com
bt.edit.client.yahoo.com
na.edit.client.yahoo.com
verizon.edit.client.yahoo.com

pare mai nasty decat poodle

Edited March 5, 2016 by gogusan

[Meteosensibilul]

Nu a mai fost unul Heartbleed? Tot asa, periculos foc, si a afectat multe siteuri importante?

[Nytro]

Heartbleed e singurul atact si simplu si "reliable" si util.

 

Ceva detalii aici despre DROWN: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html