New Attack Puts Websites At Risk

March 19, 2016 | May 26th, 2021 | Blog, Cybersecurity

Remember last year’s “Heartbleed” scare? If you don’t, or if you need a refresher, Heartbleed was a flaw in the security of SSL, which is the technology employed by just about everyone on the web to make financial transactions secure. It is essentially the technology that makes people feel comfortable about conducting business on the web.

This year, another vulnerability in SSL has been found, this one called “DROWN,” which stands for Decrypting RSA with Obsolete and Weakened eNcryption. This attack can completely compromise SSL security and is estimated to be able to impact more than 11 million sites on the internet worldwide, so in terms of scope and scale, this is one to pay serious attention to. Combine that with the fact that this attack strikes at the very heart of financial transactions on the internet, and it’s easy to see why there’s cause for concern.

The good news is that even if this is the first you’re hearing about it, there’s already a fix in place. You can test your site to see if it’s vulnerable by going here: https://test.drownattack.com/ . If you’re on the list, additional action should be taken immediately.

Specifically, have your IT people install OpenSSL version 1.0.2g, if you’re not already using it. If you’re currently running version 1.0.1, you should upgrade to 1.0.1s.

Typically, internet-based attacks rely on a swarm of PCs attacking a single point to bring the server down, but servers vulnerable to this bug have been brought down by a single PC attacking them. Even worse, such attacks can often succeed in less than a minute.

As of the time this piece was written, some of the biggest-name companies on the internet are vulnerable to DROWN attacks. If your site is on the list, it’s not really a question of if you’ll be hit, but when. This makes it imperative that you upgrade your OpenSSL immediately.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In over 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.