Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

HTTPS sites are threatened by a new low-cost decipher attack

  • March 7, 2016
  • 3 min read
Online Marketing Manager at StarWind. In touch with virtualization world, may know stuff you are interested in.
Online Marketing Manager at StarWind. In touch with virtualization world, may know stuff you are interested in.

TLS
A new low-cost attack that decrypts sensitive communications in neglectable time has been discovered recently. The attack works against TLS-protected communications using RSA cryptosystem which expose the key through SSLv2, which was retired two decades ago due to vulnerabilities, but still may be supported by some service due to legacy compatibility reasons or misconfigured TLS implementations.

non-protected_TLS

According to statistics, over 5.9 million Web-servers directly support SSLv2. Though, even when a server doesn’t allow SSLv2, it may still be susceptible to attack if the underlying RSA key pair is reused on a different server supporting the old protocol.
The researchers dubbed the latest vulnerability DROWN, short for Decrypting RSA with Obsolete and Weakened eNcryption. The most notable example of TLS implementation known so far to be vulnerable to DROWN is OpenSSL cryptolibrary, for which a new security patch was released recently.

This is the review of an article.

Source : arstechnica.com

Hey! Found Oksana’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?
Taras Shved
Taras Shved StarWind HCI Appliance Product Manager
Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!