CATEGORIES
home News

Freaky, Sticky Logjam Browser Exploit Putting Users And Sites At Risk

by Brandon HillWednesday, May 20, 2015, 03:30 PM EDT

Where’s Jackie Treehorn when you need him? There’s a new browser exploit that’s making the rounds across the internet, and it’s capable of some pretty nasty stuff. Closely related to the FREAK exploit that we detailed a few months back, Logjam works its magic by using a main-in-the middle attack on the Diffie-Hellman protocol, downgrading vulnerable transport layer security (TLS) connections to just 512-bits of encryption — skilled hackers could crack 512-bit encryption keys in mere minutes.

According to WeakDH, the Logjam exploit affects 0.2 percent of the top one million domains on the web. That puts roughly 20,000 sites at risk. But there’s both good news and bad news with regards to tackling Logjam. The good news is that software companies behind the world’s most popular web browsers are working to patch the exploit in their products. Of the major web browsers currently on the market, only Microsoft has already issued a path to kill Logjam in its Internet Explorer browser. However, Google, Mozilla, and Apple are all working furiously to release patches to address Logjam in Chrome, Firefox, and Safari respectively.

13334048894 001d3e53d1 z
(Source: Flickr/Yuri Samoilov)

For its part, Firefox security chief Richard Barnes told The Wall Street Journal, “It’s a twitchy business, and we try to be careful. The question is: How do you come up with a solution that gets as much security as you can without causing a lot of disruption to the Internet?” 

The last part of Barnes’ statement gets to the bad news with regards to the Logjam fix. Websites and email servers that have not been updated to address Logjam on their end will be inaccessible via fully patched web browsers. Luckily, researchers indicate that changing a few lines of code is all that’s needed to squash Logjam once and for all. You can visit WeakDH’s site to see if your site is affected and how to patch things up.

It isn’t believed that anyone has actually used Logjam to carry out attacks on sites or Internet surfers, which is good to hear. And that fact that browsers makers have committed to addressing the matter and that that fix for site admins is relatively minor gives us hope that we’ll all just ride through this briar patch unscathed.

Tags:  Encryption, freak, weakdh, logjam, tls, diffie-hellman
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment