{"id":4095,"date":"2016-03-03T03:11:22","date_gmt":"2016-03-02T19:11:22","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4095"},"modified":"2016-03-03T12:58:24","modified_gmt":"2016-03-03T04:58:24","slug":"drown-openssl-attack-need-know","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/03\/drown-openssl-attack-need-know\/","title":{"rendered":"DROWN Attack on TLS – Everything You Need To Know"},"content":{"rendered":"
So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam<\/a> and a while since Heartbleed<\/a>, POODLE<\/a> and FREAK.<\/p>\n DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for D<\/strong>ecrypting R<\/strong>SA with O<\/strong>bsolete and W<\/strong>eakened eN<\/strong>cryption.<\/p>\n <\/p>\n DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.<\/p><\/blockquote>\n