A new vulnerability, dubbed DROWN, has been discovered

by | Mar 7, 2016 | Security

Know the latest in cyber threats; protect your business against DROWN

We have been advised by our IT security partner, Network Box, that a new cyber threat has been detected: DROWN, which stands for Decrypting RSA with Obsolete and Weakened eNcryption. For you techies, it is a cross-protocol attack that exploits weaknesses in SSLv2 to decrypt TLS sessions from up-to-date clients. This could enable hackers to intercept and decrypt HTTPS connections. For example, if DROWN is successful, passwords, credit card numbers, emails, and sensitive documents could be stolen.

So, how serious is DROWN? It is estimated that up to one-third of HTTPS servers are vulnerable. While that is dire, the good news is that Network Box USA systems have not been affected by DROWN. That said, current Network Box clients should note:

  • All Network Box 5 internal services are hardened against such attacks and are not vulnerable to the DROWN SSL vulnerability in any way or form. If you are using the SSL offloading feature, vulnerable SSL servers will also be protected by the Network Box 5 proxy.
  • Regarding Network Box 3 clients: In the default configuration, you are not vulnerable to the DROWN SSL vulnerability. Services such as my.network-box.com are hardened against such attacks by default. Please note: There is a service option on the SMTP server to use SSL. Network Box Security Response has already released security patches to mitigate this potential vulnerability.

To protect your SSL servers, we recommend considering the Network Box USA Cloud WAF platform. This platform offers an SSL offload option, which can protect your servers from these types of vulnerabilities.

If you would like to discuss DROWN or the general cyber health of your company, please contact us at Invenio IT. We are a NY-based IT firm specializing in Network Security and Business Continuity.

Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications, including branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!