“DROWN” Security Vulnerability

IT Security Vulnerability – “DROWN”

Another website vulnerability has come to light, called the Drown attack.

It is a hacking technique that makes even (Supposedly secure) https:// websites vulnerable. Researchers in the US, Germany and Israel believe that one third of websites using the HTTPS protocol are vulnerable.

This means hackers can obtain passwords, credit card information, emails and sensitive documents. Therefore financial institutions and online retailers should pay particular attention to this latest threat.

The current recommendation is that Administrators of vulnerable servers and websites need to take action. There is nothing practical that browsers or end-users can do on their own to protect against this attack.

If you want to know if a website is vulnerable before you use it, you can do so with this free testing tool. Should you have any further concerns you should contact your network and website administrators to determine the actions to take to protect against the threat.

Advertisements