Latest Hacking News – ‘Thousands of popular sites‘ at risk of Drown attacks. Websites have been warned they could be exposed to eavesdroppers, after researchers discovered a new way to disable their encryption protections.Read Full Article and dont forget to share it “drown attack hacks thousands popular websites”

drown attack hacks thousands popular websites
drown attack hacks thousands popular websites

The experts said about a third of all computer servers using the HTTPS protocol – often represented by a padlock in web browsers – were vulnerable to so-called Drown attacks.

They warn that passwords, credit card numbers, emails and sensitive documents could all be stolen as a consequence.A fix has been issued.

Also Read: (Latest) Use 10 WhatsApp In Single Android Phone (100% Working)

According To iTechHacks News Network, it will take some time for many of the website administrators to protect their systems.

The researchers have released a tool that identifies websites that appear to be vulnerable.

They said they had not released the code used to prove their theory because “there are still too many servers vulnerable to the attack“.
As yet, there is no evidence hackers have worked out how to replicate their technique.

Also Read: How to Hack Computer By Wireless Mouse or Keyboard – Radio Dongle

An independent expert said he had no doubt the problem was real.
“What is shocking about this is that they have found a way to use a very old fault that we have known about since 1998,” said Prof Alan Woodward, from the University of Surrey.

And all this was perfectly avoidable.
“It is a result of us having used deliberately weakened encryption, which people broke years ago, and it is now coming back to haunt us.

Quick attack

To mount a successful attack on a website would still require a considerable amount of computational force.

But, the researchers said, under normal circumstance, hackers could rent the required capacity from Amazon’s cloud compute division for as little as $440 (£314).
In addition, because many of the servers vulnerable to Drown were also affected by a separate bug, a successful attack could be carried out using a home computer.

Also Read: Send Documents in WhatsApp Chat (New)

“This form of the attack is fast enough to allow an online man-in-the-middle style of attack, where the attacker can impersonate a vulnerable server to the victim,” the researchers wrote.

“We were able to execute this form of the attack in under a minute on a single PC.”

drown attack hacks thousands popular websites
About Drown Attack

The researchers said many popular sites – including ones belonging to Samsung, Yahoo and a leading Indian bank – appeared to be vulnerable.

“The weakness is actually in the old Pop3 server,” he said.
“Few people still use Pop3, but it means that things like your password reset server could theoretically be eavesdropped upon.”

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.