‘Thousands of popular sites’ at risk of Drown hack attacks

http://www.bbc.com/news/technology-35706730
“Websites have been warned they could be exposed to eavesdroppers, after researchers discovered a new way to disable their encryption protections.

The experts said about a third of all computer servers using the HTTPS protocol – often represented by a padlock in web browsers – were vulnerable to so-called Drown attacks.

They warn that passwords, credit card numbers, emails and sensitive documents could all be stolen as a consequence.

A fix has been issued.

But it will take some time for many of the website administrators to protect their systems.

The researchers have released a tool that identifies websites that appear to be vulnerable.

They said they had not released the code used to prove their theory because “there are still too many servers vulnerable to the attack”.”

Advertisements