Chat with us, powered by LiveChat
Menu Search
  1. Home
  2. Blog
  3. What to Know About DROWN Attack Vulnerabilities

By Barbara Cline 03/02/2016 12:16 PM Client How-Tos | Technology 0 Comments
What to Know About DROWN Attack Vulnerabilities

The most recent DROWN attack vulnerability risks have been the talk of tech blogs and our support inbox. 

If you have an HTTPS website, there is a chance you are at risk. However, if Blue Archer hosts your website, you are not vulnerable (we checked). 

What Is A DROWN Attack?

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.
DROWN

 

DROWN stands for  Decrypting RSA with Obsolete and Weakened eNcryption. Even though it is referring to obsolete encryption, a surprising number of HTTPS sites are at risk due to faulty configurations. 

Who Is At Risk?

DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card numbers.
Owen Williams, The Next Web

 

This issue is not just impacting small businesses, but as of yesterday, many large websites were also vulnerable such as: 

  • Yahoo
  • Alibaba
  • Weibo
  • BuzzFeed
  • Weather.com
  • Flickr
  • Samsung

It is estimated that over 11 million of all HTTPS sites are at risk. 

HTTPS

How do you know if this could impact you? To start, your website needs to be HTTPS. A website has this once they purchase an SSL for a secure connection. Typically, websites that trade sensitive information such as credit card numbers, become HTTPS. 

However, it has been rumored that Google will start prioritizing HTTPS sites which may have increased the numbers. 

Tester

This may strike an even larger panic since people have HTTPS for security, however, not everyone is at risk. To be at risk, your server may be enabling SSLv2, which is the main vulnerability. If you unsure, you can test your website

How Is It Prevented?

Businesses and large sites are rushing to remedy any vulnerabilities. While it is not an easy fix, servers are encouraged to disable SSLv2 to prevent any attacks. 

Blue Archer Support

Anytime sensitive information is traded over the web, security is top priority. Vulnerability scares from Heartbleed to DROWN can be business owners on edge.

If you are ever concerned, our support team will work with you to ease your and ensure a high level of security for your information. 

Login    Register
Please Login to post a comment     

Comments (0)

3 Ways to Engage

1. Call 412.353.1050, extension 1

2. Complete the quick contact form to the right

3. Launch our project planner to begin the discussion

 

Quick Contact

  • This field is for validation purposes and should be left unchanged.

Get Started With Our Project Planner

A few details about your project and goals is the first step towards identifying a solution that's right for you.

Launch Planner