{"id":8299,"date":"2015-05-20T13:06:20","date_gmt":"2015-05-20T17:06:20","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8299"},"modified":"2015-05-20T13:06:20","modified_gmt":"2015-05-20T17:06:20","slug":"https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/20\/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers\/","title":{"rendered":"HTTPS-crippling attack threatens tens of thousands of Web and mail servers"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2015\/05\/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers\/\"><img data-recalc-dims=\"1\" height=\"427\" width=\"640\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/05\/web-servers-640x427.jpg?resize=640%2C427\" alt='' \/><\/a><\/p>\n<p>Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.<\/p>\n<p>The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end users. 
The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they&#8217;re communicating over an unsecured, public channel.<\/p>\n<p>The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad. The regime was established by the Clinton administration so the FBI and other agencies could break the encryption used by foreign entities. Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties.<\/p>\n<p>&#8220;Logjam shows us once again why it&#8217;s a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for,&#8221; J. Alex Halderman, one of the scientists behind the research, wrote in an e-mail to Ars. 
&#8220;That&#8217;s exactly what the US did in the 1990s with crypto export restrictions, and today that backdoor is wide open, threatening the security of a large part of the Web.&#8221;<\/p>\n<p>Read More: <a href=\"http:\/\/arstechnica.com\/security\/2015\/05\/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers\/\">HTTPS-crippling attack threatens tens of thousands of Web and mail servers | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6,7,10],"tags":[326,494,1177],"class_list":["post-8299","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","category-technology","tag-encyption","tag-https","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-29R","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8299"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8299\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}