Week 10 recent Cyber Security News…

DROWN attack risks millions of popular websites (as reported recently within the eHackingNews.com on 3/3/16 theHackerNews site on 3/1/2016)…

“An international team of researchers warned that more than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a new, low-cost attack that decrypts sensitive communications in few hours. The DROWN attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through short for secure sockets layer version 2 (SSLv2). The vulnerability allows everyone on the internet to browse the web, use e-mail, shop online and send instant messages without third-parties being able to read the communication.  It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Though a fix has been issued but it will take time for many of the website administrators to protect their systems. The researchers have released a tool that identifies websites that appear to be vulnerable.”