• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  News • Security  /  Logjam Vulnerability: Why You Need to Upgrade Your Browsers
logjam vulnerability
29 January 2016

Logjam Vulnerability: Why You Need to Upgrade Your Browsers

Written by Rahul Thadani
Rahul Thadani
News, Security
Estimated reading time: 2 minutes

Original Post – May 21, 2015

Another new SSL (Secure Sockets Layer) vulnerability has come to light in the last few hours and your home computers and office workstations could be at risk. If you are familiar with the Heartbleedand FREAK attacks from the last few months, then you would know that such kind of vulnerabilities cannot be taken lightly.

This new vulnerability is called “Logjam” and it affects simple protocols that the Internet is based on. Basically, whenever two sites need to exchange confidential information they also exchange a set of cryptographic keys in a secure manner. These keys help them decode the information that they receive. This exchange is carried out by the “Diffie-Hellman key exchange (D-H)” method. What the Logjam attack does is intercept this algorithm and prevents sites from sharing these keys with each other.

An attacker can instigate a Man-in-the-Middle (MITM) attack to downgrade a TLS connection to an inferior version and then steal sensitive information. This methodology bears several similarities to the recent FREAK attack as well.

How was the Logjam vulnerability discovered?

This vulnerability was discovered by a group of security researchers from Johns Hopkins University, University of Michigan, University of Pennsylvania, Microsoft Research, CNRS, Inria Nancy-Grand Est, and Inria Paris-Rocquencourt.

They have published more details and a technical report about the Logjam vulnerability which can be viewed over here. You can also check if your browser is vulnerable by visiting this link.

Who is vulnerable to the Logjam vulnerability?

Pretty much anyone who uses the Internet is potentially at risk here. This includes websites, mail servers and other TLS (Transport Layer Security) dependent services. The report further states that about 8.4% of the top 1 million domains are vulnerable – a number that roughly translates to around 84,000 domains. This security vulnerability can be especially dangerous for services that require personal user credentials and facilitate the transfer of sensitive information.

What this also means is that business enterprises who conduct operations online are also at risk. Data that is transferred through their various channels can theoretically be intercepted and stolen. As a result, enterprises need to take immediate steps to prevent this threat.

In their report, the researchers also speculate that “a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.” However, whether the NSA has actually used Logjam to intercept data merely remains speculation as of now.

What can be done to prevent such attacks?

The best solution to the Logjam vulnerability right now is to update all your browsers and programs immediately. All browser providers such as Google, Mozilla, Microsoft, Apple and others are working on fixing this vulnerability. So you regularly need to check for browser updates for your home or business machines. Moreover, if you are running a mail or web server, you need to disable support for export cipher suites and also generate a unique 2048-bit Diffie-Hellman group.

 Previous PostAlert: Ransomware Infections on the Rise
Next Post  How Vulnerable is your Small and Medium-sized Business?
Rahul Thadani
About Rahul Thadani

Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...

Articles by Rahul Thadani »

Related Posts

  • Is your Router exposed to cyber threats

    Is your router exposed to cyber threats? Here is how to safeguard it.

    July 30, 2020
  • Snake ransomware stings to spread its venom in the veins of enterprise networks.

    Snake Ransomware brings impending doom to enterprise networks

    July 10, 2020
  • APT harbingers are using Honey Traps to attack Indian Defence.

    Operation ‘Honey Trap’: APT36 Targets Defence Organizations in India

    July 8, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.