Capital Wired

Keeps You Updated

Monday, January 25, 2021
Log in
  • Headlines
  • Business
  • Health
  • Tech & Science
  • Sports
  • World
  • US
  • Latest News
    • How To Make Your Own Home-Brewed Morphine
    • Using Mouthwash Too Often Puts You at Risk of Obesity and Diabetes
    • Walmart to Solve its Supply Chain Issues and Further Cut Down on Costs
    • The World’s Most Expensive Christmas Decorations
    • Netflix Hopes to Balance Data Limit With Great Video Quality
    • Joji Morishita says Japan Will Resume Whaling
    • The Most Beloved Plastic Surgeries Among Americans
    • Skype for Web Allows Non-Users to Take Part In Its Online Chats

Pages

  • About Capital Wired
  • Contact Us
  • Privacy Policy GDPR
  • Reprint & Licensing
  • Staff
  • Terms of Use

Recent Posts

  • Here’s Why Your Brain Keeps Worrying about Everything June 29, 2018
  • Don’t Throw That Sunscreen after Summer Is Up June 29, 2018
  • Analysts: Currency War between U.S. and China Might Be Looming June 28, 2018
  • Starbucks Rival The Coffee Bean & Tea Leaf Opening 100 Shops June 27, 2018
  • Study Finds We Are Alone in the Universe June 26, 2018
  • Restaurant Owner Not Sorry for Booting Sarah Sanders June 26, 2018
  • Beware of the Hidden Salt in Your Food! June 25, 2018

One Third of Servers Using the SSLv2 Protocol Are Susceptible to Attacks

March 2, 2016 By Germaine Hicks Leave a Comment

Email, RSS Follow

sslv2 protocolCyber security scientists have found a new weak point that could let hackers to read secured emails between customers and around one third of HTTPS web servers. Some security protocols, like SSLv2, do not have to be implemented for encrypted communication, but security experts did not perceive their presence in server options as security risks until now.

This is because modern web browsers or other TLS-able clients do not use them. In a recently launched research document, some experts revealed that if HTTPS servers are compatible with SSLv2, a hacker could manipulate the system to decrypt transmitted messages from its customers.

This can happen even if these connections are applying the newest and most protected editions of TLS protocols. These hacking attempts, known as DROWN, have several requirements but are quite simple. First, the targeted HTTPS web server has to support SSLv2 or to send its private code to another web server that supports it, for instance, an e-mail provider.

It is quite typical for companies to implement similar private keys and certification for TLS protocols on both e-mail and web servers. The hacker also has to see several dozen TLS links between a potential target and an unprotected server.

Attackers can do that by tracking online links over longer periods or by sending harmful JavaScript code. This way, they can force a user’s web browser to continuously set up a connection in with the victim’s site.

Furthermore, the targeted servers must implement a RSA key program during the attack, but this should not be an issue for hackers since RSA is the most used key exchange algorithm in TLS protocols. Once the enemy has the taken connection, he has to link it to the web server via the SSLv2 method and deliver exclusively designed handshake information.

This contains variations of RSA cipher text duplicated from the customer’s TLS algorithm. These samples will not succeed, but the method in which the web server reacts to them can send vital data about the private keys implemented for the target’s TLS connection.

In the most severe situations, a hacker would have to execute approximately 40,000 connections totaling 2^50 calculations to decrypt a single connection from the 900 potential weaknesses. Running all these operations for the strike the Amazon EC2 cloud processing system would cost more than $400, the scientists approximated.

Image source: Wireshark

Email, RSS Follow

Germaine Hicks

Germaine is an avid sports fan and as such, he decided on his current career path with the idea in mind that he would never, ever miss a Yankee game. Until now, he managed to make good on that promise. As you’ve probably guessed, he’s our go-to sports guy.

Filed Under: Tech & Science Tagged With: disable sslv2 protocol +nrpe, disable sslv2 protocol support in iis 7, ssl protocol disable sslv2, ssl protocol sslv2, sslv2 insecure protocol, sslv2 protocol

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Recent Articles

dc logo on black galaxy background

Ava DuVernay to Direct DC’s New Gods Adaptation

March 16, 2018 By Rebecca McGhee Leave a Comment

leonardo davinci's signature in black

Is DaVinci’s Record Breaking Painting Authentic?

November 20, 2017 By Rebecca McGhee Leave a Comment

stephen hawking

Stephen Hawking Makes Gloomy Prediction For Earth In A 100 Years

May 7, 2017 By Deborah Nielsen Leave a Comment

"Dwayne Johnson not dead"

Dwayne Johnson Died this Week or Not

January 19, 2016 By Jason Leathers 3 Comments

There Are At Least Three More Seasons of Game of Thrones To Go

July 31, 2015 By Rebecca McGhee Leave a Comment

Homelessness Soars in L.A., Officials Pledge to House Everybody by 2016

May 12, 2015 By Brian Galloway Leave a Comment

FBI Releases National Report on Slain Police Officers, Figures are Alarming

May 12, 2015 By Rebecca McGhee Leave a Comment

New York Nuclear Plant Partially Shut Down due to Hudson Oil Slick

May 11, 2015 By Jason Leathers 2 Comments

Obama Draws Heat from Democrats over Asia Trade Deal

May 9, 2015 By Rebecca McGhee Leave a Comment

Florida Governor Changes Stance on Obamacare Once More, Budget on Hold

May 9, 2015 By Brian Galloway Leave a Comment

Secret Service to add an Extra Layer of Spikes to White House Fence

May 8, 2015 By Chen Lai Leave a Comment

Police Arrested Suspect in death of Student who tried to Sell Car on Craigslist

May 8, 2015 By Deborah Nielsen 1 Comment

AccuWeather.com: 2015 Atlantic Tropical Storm Season is Officially Open

May 7, 2015 By Deborah Nielsen Leave a Comment

Illinois Student Found Dead after Trying to Sell his Car on Craigslist

May 7, 2015 By Deborah Nielsen 2 Comments

Related Articles

  • ET movie

    Study Finds We Are Alone in the Universe

    Jun 26, 2018
  • Sarah Huckabee Sanders

    Restaurant Owner Not Sorry for Booting Sarah Sanders

    Jun 26, 2018
  • New Type of Photosynthesis Spotted in Blue-Green Algae

    Jun 20, 2018
  • Tropical fish and coral reef

    Coral Reefs Save Us from Flooding (Study)

    Jun 14, 2018
  • NASA astronaut on the moon

    NASA Astronauts Warmed Up the Moon in the 1970s

    Jun 12, 2018
  • Antarctic landscape

    Antarctica Experiencing Routine Earthquakes Like Any Other Continent

    Jun 5, 2018
  • SpaceX Falcon 9 rocket launch

    SpaceX Launches Powerful Communications Satellite into Orbit

    Jun 5, 2018
  • Planet Pluto

    Scientists Have New Theory About Pluto’s Formation

    May 30, 2018
  • The Milky Way

    NASA Uses Lasers to Re-Create Coldest Spot in the Universe

    May 22, 2018
  • Plastic bottle on a sand beach

    Earth Has Had 33 Years of Above-than-Average Temperatures

    May 21, 2018

Categories

  • Business
  • Headlines
  • Health
  • Sports
  • Tech & Science
  • US
  • World

Copyright © 2021 capitalwired.com

About · Privacy Policy · Terms of Use · Contact

This website uses cookies to ensure you get the best experience on our website. Learn more.