On March 1st, 2016 the Department of Homeland Security announced a vulnerability found in the SSL protocol (1). This vulnerability has been named the DROWN attack, which stands for “Decrypting RSA with Obsolete and Weakened eNcryption”. It has been stated that 33% of all secured web servers on the internet may be affected by this (2).
What does this mean for me?
This means the Web Server that you use for mail, hosting your websites, or your sensitive company data may be at risk.
Your SSL certificate is used to encrypt important, confidential information such as:
- Credit Card Information
- Login Information (Username / Password)
- Company Files
- Server Access
- Much, much more!
These are the preventative measures that need to be taken:
- Upgrade OpenSSL
- Test your site at https://drownattack.com/#check
- Verify your certificate isn’t in use on TLS & SSL v2 enabled servers.
Featured – http://www.gotcredit.com