Skip navigation
Menu
Almost a third of HTTPS websites about to DROWN
Security

Almost a third of HTTPS websites about to DROWN

DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption.

As Washington braces for an Apple vs. FBI encryption fight, remnants of the last crypto wars continue to haunt businesses today.

The new DROWN Attack impacts HTTPS and other services that rely on SSL and TLS, and reportedly affects major sites including Yahoo!, Alibaba, and Weather.com.

The attack lets an unauthorized party decrypt TLS-dependent services, potentially opening up passwords, banking information, and more to interception, while also allowing malicious parties to modify supposedly authenticated content.

The attack works by relying on the fact that many servers still support SSLv2, a predecessor to TLS. By sending probes to a server that supports SSLv2 and uses the same private key, the attacker can also decrypt the TLS connection.

Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack, the researchers noted.

The attack was developed by researchers at Tel Aviv University, Münster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project.

Matthew Green has some good analysis, particularly about the roots of the problem:

The reason you might think SSLv2 is terrible is because it was a product of the mid-1990s, which modern cryptographers view as the dark ages of cryptography. Many of the nastier cryptographic attacks we know about today had not yet been discovered. As a result, the SSLv2 protocol designers were forced to essentially grope their way in the dark, and so were frequently devoured by grues -- to their chagrin and our benefit, since the attacks on SSLv2 offered priceless lessons for the next generation of protocols.

And yet, these honest mistakes are not worst thing about SSLv2. The most truly awful bits stem from the fact that the SSLv2 designers were forced to ruin their own protocol. This was the result of needing to satisfy the U.S. government's misguided attempt to control the export of cryptography. Rather than using only secure encryption, the designers were forced to build in a series of export-grade ciphersuites that offered abysmal 40-bit session keys and other nonsense. I've previously written about the effect of export crypto on today's security. Today we'll have another lesson.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024