<div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font>Hello all,</font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font><br></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font>In light of the </font>recent disclosure of a security vulnerability, the Security Team has decided to issue an announcement to inform those who may not have heard about its details and implications.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font><br></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font>---</font></div><div 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font><br></font></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><b><font size="4">DROWN Attack</font></b></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">DROWN is a vulnerability/attack that has been recently disclosed and affects services that rely on SSL and TLS to provide security.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">The vulnerability allows an attacker to obtain the session keys for an encrypted session, allowing him to decrypt all the communications within that session.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">The authors of the research that revealed the vulnerability measured that 33% of HTTPS servers are vulnerable. 
Other potentially affected services include VPN and email servers.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">A service is vulnerable if it meets <b>ANY</b> of the following conditions:</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Has support for SSLv2.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Uses the same certificate/private key as a 
service that has support for SSLv2.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Uses a version of OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">The vulnerability is especially dangerous if the last condition is met, since the attack could be performed in a very short amount of time.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">In order to remediate the vulnerability, <b>ALL</b> of the following actions should be taken:</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Disable support for SSLv2.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Disable support for SSLv2 in services using the same certificate/private key.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">    -   Upgrade OpenSSL to a version 
newer than 0.9.8zf, 1.0.0r, 1.0.1m or 1.0.2a.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">Additionally, upgrading OpenSSL to a version newer than <span style="color:rgb(0,0,0);white-space:pre-wrap;font-size:small">1.0.1s or 1.0.2g also mitigates the vulnerability by disabling SSLv2 and SSLv3 weak ciphers by default.</span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><br></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">Note that the vulnerability only affects servers and cannot be mitigated on the client side.</span></div><div dir="ltr" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">The attack affects all servers that rely on SSL and TLS and either support SSLv2 or share a certificate/private key with another server that supports SSLv2.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">The attack is possible since an attacker can use the server's support for SSLv2 to perform an older attack, the Bleichenbacher padding oracle, to recover the pre-master secret, which will be also used in SSL and TLS connections that share the same certificate/private key. 
</span><span style="font-size:12.8px">With the pre-master secret, an attacker can compute the session keys for the SSL session and decrypt the communication.</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">There is a service, provided by the original researchers, that checks if a particular domain was vulnerable as of February 2016:</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><a href="https://drownattack.com/#test" target="_blank" style="color:rgb(17,85,204)">https://drownattack.com/#test</a></span></div><div dir="ltr" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px">There is also a tool, published by the same researchers, that allows this test to be performed massively and against different services:</span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div dir="ltr" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><a href="https://github.com/nimia/public_drown_scanner" target="_blank" style="color:rgb(17,85,204)">https://github.com/nimia/public_drown_scanner</a></span></div><div dir="ltr" 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><br></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">More details about the vulnerability can be found here:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><a href="https://drownattack.com/#test" target="_blank" style="color:rgb(17,85,204);font-size:12.8px">https://drownattack.com/</a></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><a href="https://www.openssl.org/news/secadv/20160301.txt" target="_blank" style="color:rgb(17,85,204);font-size:small"><span style="font-size:12.8px">https://www.openssl.org/news/secadv/20160301.txt</span></a><br></div><div 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><span style="font-size:12.8px"><a href="https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/" target="_blank" style="color:rgb(17,85,204)">https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/</a></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><a href="http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html" target="_blank" style="color:rgb(17,85,204);font-size:12.8px">http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html</a><br><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">Regards,<br><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">Asif Murad Khan<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 2, 2016 at 6:09 PM, Jahangir Hossain <span dir="ltr"><<a href="mailto:jrjahangir@gmail.com" target="_blank">jrjahangir@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" 
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><i><b>Possible solution:</b></i><br></span></font>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Disable
SSLv2</b></span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">Network administrators
should disable SSLv2 support. The researchers have provided more information on
how to disable SSLv2 for various server products.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">Network administrators can
determine if a server supports SSLv2 with the following command:</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">openssl s_client -connect host:443 -ssl2</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">If certificate information
is returned, then SSLv2 is supported.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">SSLv2 has been deprecated
since 2011.</span></font></p><p style="line-height:16.9pt;vertical-align:baseline">

</p><p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Do
not reuse SSL certificates or key material</b></span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif">This issue can be mitigated
on TLS connections by using unique SSL keys and certificates. If possible, do
not reuse key material or certificates between SSLv2 and TLS support on
multiple servers.</span></font></p>

<p style="line-height:16.9pt;vertical-align:baseline"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>- Monitor
network and use firewall rules</b></span></font></p>

<font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="line-height:115%">Recommend enabling firewall rules to block
SSLv2 traffic. Since the attack requires approximately 1000 SSL handshakes,
network administrators may also monitor logs to look for repeated connection
attempts. However, this data may also be obtained via man-in-the-middle or
other attacks, not solely from direct connections.</span><br><br><br><br></span></font></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><b><font size="2">Stay secure ;\</font></b><br><br><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Wed, Mar 2, 2016 at 6:02 PM, Anurag Bhatia <span dir="ltr"><<a href="mailto:me@anuragbhatia.com" target="_blank">me@anuragbhatia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Interesting (and scary!)<div><br></div><div><br></div><div><br></div><div>Thanks for sharing Jahangir. </div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Thu, Mar 3, 2016 at 12:28 AM, Jahangir Hossain <span dir="ltr"><<a href="mailto:jrjahangir@gmail.com" target="_blank">jrjahangir@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">Dear members ,<br><br>Network traffic encrypted using an RSA-based SSL certificate may be 
decrypted if enough SSLv2 handshake data can be collected. Exploitation 
of this vulnerability - referred to as DROWN in public reporting - may 
allow a remote attacker to obtain the private key of a server supporting
 SSLv2.<br clear="all"></font></div><font size="2"><br></font><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><font size="2">For more information please visit,<br><br></font>

<p class="MsoNormal"><font size="2"><a href="https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack" target="_blank"><span style="line-height:115%">https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack</span></a><span style="line-height:115%"></span></font></p>

<p class="MsoNormal"><font size="2"><a href="https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory" target="_blank"><span style="line-height:115%">https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory</span></a><span style="line-height:115%"></span></font></p>

<font size="2">​</font></div><br><br><br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><i><font size="2"><span style="font-family:arial,helvetica,sans-serif">Regards / Jahangir</span></font></i><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><i><font size="2">​ | Open Comm​</font></i></div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br></div></div>_______________________________________________<br>
nog mailing list<br>
<a href="mailto:nog@bdnog.org" target="_blank">nog@bdnog.org</a><br>
<a href="http://mailman.bdnog.org/mailman/listinfo/nog" rel="noreferrer" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><font face="arial, helvetica, sans-serif"><br></font></div><div><br></div><font face="arial, helvetica, sans-serif">Anurag Bhatia<br></font><div></div><div><font face="arial, helvetica, sans-serif"><a href="http://anuragbhatia.com" target="_blank">anuragbhatia.com</a></font></div></div></div></div></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><i><span style="font-family:arial,helvetica,sans-serif">Regards / Jahangir</span></i><br></div></div><br><div><div><div>     <br><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</font></span></div>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">Asif Murad Khan<div>Cell: +880-1713-114230</div></div></div>
</div>
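The three vulnerability conditions listed in the announcement, applied to a service inventory, as an added example that is not part of the original thread. The inventory records, key fingerprints and field names are constructed for illustration; the version check handles OpenSSL's letter releases (`z` is followed by `za`, `zb`, ...) and does not flag branches the announcement does not list.

```python
import re
from collections import defaultdict

# First fixed letter release per branch, as listed in the announcement.
FIXED_RELEASE = {"0.9.8": "zf", "1.0.0": "r", "1.0.1": "m", "1.0.2": "a"}

VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)([a-z]*)$")


def parse_openssl_version(version):
    """Split '1.0.1m' into ('1.0.1', 'm'); the letter suffix may be empty."""
    match = VERSION_RE.match(version.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return match.group(1), match.group(2)


def letter_rank(letters):
    """Order letter releases: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def openssl_before_fix(version):
    """True if version is on a listed branch and older than its fixed release."""
    branch, letters = parse_openssl_version(version)
    fixed = FIXED_RELEASE.get(branch)
    if fixed is None:
        return False  # branch not covered by the announcement's list
    return letter_rank(letters) < letter_rank(fixed)


def assess(services):
    """Return {service name: [reasons]}; an empty list means no condition met."""
    # Group services by key so that key sharing across hosts becomes visible.
    by_key = defaultdict(list)
    for svc in services:
        by_key[svc["key_fingerprint"]].append(svc)

    findings = {}
    for svc in services:
        reasons = []
        # Condition 1: the service itself accepts SSLv2.
        if svc["sslv2"]:
            reasons.append("supports SSLv2")
        # Condition 2: another service with the same key accepts SSLv2.
        peers = sorted(p["name"] for p in by_key[svc["key_fingerprint"]]
                       if p["sslv2"] and p["name"] != svc["name"])
        if peers:
            reasons.append("shares key with SSLv2 service: " + ", ".join(peers))
        # Condition 3: OpenSSL build older than the fixed release of its branch.
        if svc["openssl"] and openssl_before_fix(svc["openssl"]):
            branch, _ = parse_openssl_version(svc["openssl"])
            reasons.append(f"OpenSSL {svc['openssl']} is before "
                           f"{branch}{FIXED_RELEASE[branch]}")
        findings[svc["name"]] = reasons
    return findings


# Constructed inventory: names, fingerprints and versions are sample values.
INVENTORY = [
    {"name": "www:443", "key_fingerprint": "KEY-A", "sslv2": False, "openssl": "1.0.1t"},
    {"name": "mail:465", "key_fingerprint": "KEY-A", "sslv2": True, "openssl": "1.0.1t"},
    {"name": "vpn:443", "key_fingerprint": "KEY-B", "sslv2": False, "openssl": "0.9.8za"},
    {"name": "api:443", "key_fingerprint": "KEY-C", "sslv2": False, "openssl": "1.0.2g"},
]

if __name__ == "__main__":
    for name, reasons in assess(INVENTORY).items():
        print(name, "VULNERABLE" if reasons else "ok", "; ".join(reasons))
```

The `www:443` entry shows why the remediation list says ALL: it has SSLv2 disabled and a patched library, yet is still flagged because `mail:465` exposes the same key over SSLv2.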