Upgrade your Browsers to fix Logjam Vulnerability

Another Secure Sockets Layer vulnerability has made headlines in the last few days, and your home and office PCs could be at risk. If you are aware of the Heartbleed and FREAK threats from the last few months, you will know that threats of this kind cannot be taken lightly.

This latest vulnerability is called “Logjam”, and it affects basic protocols that the Internet is based on. Whenever two sites need to transfer vital data, they also exchange a set of cryptographic keys in a safe manner. These keys help them decode the data that they receive. This exchange is done with the “Diffie-Hellman key exchange” technique. The Logjam attack interrupts this algorithm and stops sites from sharing these keys with each other.

A hacker can use a Man-in-the-Middle (MITM) attack to downgrade a TLS connection to a weaker version and then steal vital data. This mechanism bears numerous similarities to the recent FREAK attack as well.

How was the Logjam vulnerability revealed?

This vulnerability was revealed by a group of security researchers from University of Michigan, Johns Hopkins University, University of Pennsylvania, CNRS, Microsoft Research, Inria Nancy-Grand Est, and Paris-Rocquencourt.

Who is at risk from the Logjam vulnerability?

Pretty much anyone who browses the Internet is at risk here. This includes websites, social websites, mail servers and other services that depend on Transport Layer Security. The report further reveals that about 10% of the top 1 million domains are susceptible, a number that roughly translates to around 75,000 domains. This security vulnerability can be particularly dangerous for services that need personal user data and facilitate the transfer of vital data.

This also means that businesses that conduct operations online are at risk. Data that is sent via their various channels can theoretically be intercepted and stolen. As a result, businesses need to take immediate steps to prevent this threat.

In their report, the researchers also note that a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. However, whether the NSA has actually used Logjam to intercept data remains speculation as of now.

What can be done to avoid such attacks?

The best solution to the Logjam vulnerability is to update all your programs and browsers immediately. Browser vendors such as Google, Microsoft, Mozilla, Apple and others are working on eliminating this vulnerability, so you need to keep checking for browser updates on your home and business devices. In addition, if you are running a web or mail server, you have to disable support for export cipher suites and also generate a unique 2048-bit Diffie-Hellman group.

What do you need to do?

While there is nothing fixed that you can do to combat Logjam, one major safety measure you should take is to change all your online passwords right away. This will make sure that if any of the services you use have been affected by Logjam, then at least your passwords will be secure. Apart from this, stay alert for anything unusual on your accounts. If you feel anything is out of the ordinary, take corrective steps as soon as possible. In addition, spread the word about Logjam and inform your friends and family members as well.

Which online services and websites are affected?

While most of the websites that have been affected have already taken the necessary steps, there are bound to be many more that are still working on it. If you use some of the following services, then there is a big chance that your password and data may have been leaked.

  • Gmail
  • Facebook
  • Amazon
  • Instagram
  • SoundCloud
  • Yahoo Mail
  • YouTube
  • Flickr
  • Pinterest
  • Minecraft
  • Google
  • Wikipedia
  • Tumblr
  • Netflix
  • GoDaddy
  • Dropbox

As you can see, the list is quite big. There are several more websites that have been affected, so the potential harm here is considerable.

Online antivirus software such as ESET can also help you ascertain whether a particular URL is infected or not. If you perform online banking transactions, then it is highly recommended that you change your account details. For any assistance, simply contact the ESET Tech Support toll-free number. The technicians working there are highly qualified and possess good experience in offering tech support.