[bdNOG] SSLv2 DROWN Attack

• Previous message: [bdNOG] SSLv2 DROWN Attack
• Next message: [bdNOG] SSLv2 DROWN Attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Interesting (and scary!)



Thanks for sharing Jahangir.

On Thu, Mar 3, 2016 at 12:28 AM, Jahangir Hossain <jrjahangir at gmail.com>
wrote:

> Dear members ,
>
> Network traffic encrypted using an RSA-based SSL certificate may be
> decrypted if enough SSLv2 handshake data can be collected. Exploitation of
> this vulnerability - referred to as DROWN in public reporting - may allow a
> remote attacker to obtain the private key of a server supporting SSLv2.
>
> ​For more information please visit ,
>
> https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
>
>
> https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory
> ​
>
>
>
> *Regards / Jahangir*
> *​ | Open Comm​*
>
>
>
>
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
>
>


-- 


Anurag Bhatia
anuragbhatia.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20160303/049d5a0b/attachment.html>

• Previous message: [bdNOG] SSLv2 DROWN Attack
• Next message: [bdNOG] SSLv2 DROWN Attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]