Petronella Blog Archive

Visit our New Blog

Web and Mail Servers Threatened by Logjam HTTPS Bug

Blog Post

Another major flaw in SSL has been discovered.  This one could affect tens of thousands of servers.

Called Logjam, the bug affects the algorithm in SSL that allows popular protocols like IMAP, HTTPS, secure POP3, SMTPS, SSH, StartTLS to create their secure connections.  The exploit allows hackers to downgrade the level of security and make it much easier to attack a system, and the more computing power at the disposal of the hacker, the stronger encryption they can break.

As much as people in tech and internet industries tend to denigrate Internet Explorer, it is the only browser, as of this writing, that has been updated to protect against Logjam so far, though the researchers who found the bug are working with developers of other browsers as well.  You can check to see if your browser is vulnerable here.  

Logjam originated with mandates the US government put on developers who wanted to ship their software overseas in order to allow the FBI and other security agencies to break encryption on foreign computers.