All About The New Virus Called ‘DROWN’

Asked By 30 points N/A Posted on -
qa-featured

What does DROWN stand for? How does it harm the computer and the user? What are the ways to protect the device from this attack?

SHARE
Answered By 0 points N/A #185587

All About The New Virus Called ‘DROWN’

qa-featured

Hi

DROWN is an acronym for "Decrypting RSA with Obsolete and Weakened Encryption". It affects the HTTPS and other services with the help of SSL version 2. It affects some of the cryptographic protocols of the Internet. When it attacks, it decrypts the HTTPS communications e.g.: password, card number, CCV/ CVV number, etc. and allows other third parties to read this information. It could affect any person who is just surfing the internet, checking his mail, buying stuff online, etc. It can be prevented by disabling SSL 2 and also SSL 3.

Answered By 562865 points N/A #185589

All About The New Virus Called ‘DROWN’

qa-featured

DROWN is the short term for “Decrypting RSA with Obsolete and Weakened eNcryption”. It is a kind of cross-protocol security bug attack that attacks servers that have the latest TLS protocol suites by utilizing their support for the outdated, vulnerable SSLv2 protocol to force an attack on connections that are using the latest protocols.

In March 2016, the complete details about the DROWN attack were announced together with a patch that disables the SSLv2 protocol in OpenSSL. This patch alone will not be enough to lessen the attack if the certificate is located on another SSLv2 host. Disabling the SSLv2 on all servers is the only practical countermeasure.

As of March 1, 2016, it is estimated to about 33 percent (33%) of all HTTPS sites were affected by this vulnerability, according to researchers. The broken lock logo symbolizes the DROWN attack. DROWN attack permits an attacker to decrypt HTTPS connections by transmitting specially crafted malicious packets to a server or if the certificate is shared on another server, potentially executing a successful MitM attack or Man-in-the-Middle attack.

Login/Register to Answer

Related Questions