HTTPS-crippling attack threatens tens of thousands of Web and mail servers | Ars Technica

 

 

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.

 

[…]

 

The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they’re communicating over an unsecured, public channel.

 

The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad.

via

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.