Researchers disclosed a critical new SSL vulnerability during one of the biggest security conferences in the world, RSA. DROWN, or Decrypting RSA with Obsolete and Weakened eNcryption, is a vulnerability that allows attackers to gain the public key of servers that still use SSLv2.0. Watch today’s video to learn more about it, and make sure to disable SSLv2.0 on all your servers and to update OpenSSL.
(Episode Runtime: 5:25)
Direct YouTube Link: https://www.youtube.com/watch?v=TLMLw2sDB3E
EPISODE REFERENCES:
- The official DROWN vulnerability page – Drown Attack
- Full technical whitepaper on the DROWN attack [PDF] – Drown Attack
- OpenSSL’s guide to the DROWN attack – OpenSSL
- WatchGuard’s KB article on how DROWN affects our products – WatchGuard
— Corey Nachreiner, CISSP (@SecAdept)