DROWN Attack
Earlier this week, we learned of yet another attack against SSL/TLS where an attacker can force people to use insecure algorithms. It’s called DROWN. Here’s a good news article on the attack, the technical paper describing the attack, and a very good technical blog post by Matthew Green.
As an aside, I am getting pretty annoyed at all the marketing surrounding vulnerabilities these days. Vulnerabilities do not need a catchy name, a dedicated website—even thought it’s a very good website—and a logo.
Anura • March 3, 2016 2:51 PM
Well, how else will you get attention without a fancy website? The seriousness of this isn’t very high. Anyone who has ever paid attention in the last decade has already disabled SSLv2, and those that didn’t are vulnerable to quite a few vulnerabilities already.