The Logjam exploit starts with a man in the middle attack. Whoever is seeking to access data with Logjam puts themselves between a user and the server, but continues to pass messages back and forth, picking them up on the way. Most modern servers use long algorithms to prevent anyone who isn’t on each end from un-encrypting the data, but the attacker can tell both the client and the server to lower the security level, turning that long algorithm into an easily hacked 512-bit prime number.
Once the 512-bit prime number, a relatively weak encryption method, is unlocked, the attacker has access to any data sent or received between the server and client. They might not even need to turn it down as low as 512 bits, since some research shows that national powers may already have the technology required to crack 768 and 1,024-bit prime numbers.
Thankfully, the fix for Logjam is a relatively simple one, and updates are already rolling out that take care of the issue. Most end users won’t need to do anything except update their browser to the latest version, which is always a good idea, anyway. If you’re running a server, either application or email, you just need to makes sure you’ve updated any libraries or applications you’re using.
If you’re still worried you might be vulnerable, there’s a handy page that will tell you whether your browser is safe or not.
Editors' Recommendations
- Use Comcast for internet? Your personal data may have been hacked
- How smart light bulbs could steal your password
- This critical exploit could let hackers bypass your Mac’s defenses
- Playing games in your browser is about to get a lot better
- AMD Ryzen Master has a bug that can let someone take full control of your PC
