Floragasse 7 – 5th floor, 1040 Vienna

News

DROWN attack against TLS

Today a new attack against TLS was published, DROWN.

In essence, it allows attackers to decrypt strong TLS connections using TLS 1.2 and other versions, if the deprecated protocol SSLv2 is supported by the server. Previous work by SBA Research has shown that this is a particular problem for email servers.

Most questions are answered by the authors on their website. If you are further interested, please contact Martin Schmiedecker.