Cloud Services Still Vulnerable

DROWN, the latest in a series of SSL/TLS-related security vulnerabilities that was revealed a week ago, can be exploited to intercept, decrypt,  access and modify encrypted data even when it’s sent via TLS (the newer and more secure version of SSL) if there is a server with SSL v2 enabled that uses the same private key. 

Updates were released to address the vulnerability in OpenSSL, but a scan of servers conducted this week showed that most of the cloud services that are affected by this vulnerablity still had not fixed the problem. Ouch. 

Read more here:
http://www.securityweek.com/drown-vulnerability-still-unpatched-most-cloud-services 

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top