Logjam Security Bug

Logjam Security Bug

It seems like we just got over the Heartbleed, Shellshock, and Poodle security bugs, only now to see a new one show up called Logjam. A kissing cousin to the recent FREAK vulnerability, Logjam represents another major flaw with the SSL protocol that affects a number of fundamental Web services.

Logjam is a bug found in an algorithm called the “Diffie-Hellman key exchange” that helps create and negotiate secure connections on websites through your web browser or between your email program and an email server.  So there seems to be a bug in the way secure keys are generated between the user and the internet service. Security researchers from a number of universities and organizations discovered this vulnerability while testing this algorithm and published a technical report that details its flaws. The report shows that it is possible for a hacker (or man-in-the-middle) to capture your secure internet connection, downgrade it’s unbreakable security to a level that they then can decipher and read. And so it is estimated that about 10% of the top 1 million websites could be vulnerable, along with a huge number of email services and other systems.

For the average person, public Wi-Fi might pose the greatest risk for this particular bug like your local coffee shop Wi-Fi or the Wi-Fi at a hotel since hackers could tap into the shared Internet connection at these places and decipher your secure connection. This means the secure connection you have with your bank while doing online banking, your social media sites or really any encrypted connection while using your web browser or email isn’t that secure anymore and can be broken into to reveal your login details. So, at this point in time, it is unknown if anyone has tried to exploit this bug but I would imagine that if one security group figured out this weakness that hackers have been busy finding ways to exploit it.

To safeguard against this vulnerability, people will need to ensure they have the latest’s updates on their operating system and, most importantly for their web browser.  So for all the popular web browsers like Internet Explorer, Safari, Google Chrome, and Firefox, you want to make sure that they are updated to the latest version.  One quick way to check to see if your browser is the latest version is to visit the following site: https://whatbrowser.org.  Also, if you can check to see if your browser is vulnerable to Logjam  your can visiting the following website: https://weakdh.org.

Fox Business Interview With Dr. Andreas Gal




My Twitter Feed: