BugBlog: Drown Attack Against HTTPS

There are quite a few stories about a new threat against HTTPS (secure) websites that use TLS protocol for encryption. A story at Ars Technica says that up to 11.5 million websites could be vulnerable. In many cases, these sites are using older, weaker security protocols that can be updated by new patches. End users don’t have much to do, other than hope any secure connections they have been using are not vulnerable. US-CERT also has information on the vulnerability.

Bruce Kratofil is a market researcher, economist, and writer.

Posted in bugs, security