Logjam HTTPS exploit downgrades security to get at your data

researchers discover new https flaw but thankfully its easy to patch logjamhttpsheader
Dorn1530/Shutterstock
It seems like every day a new vulnerability is discovered in some Web protocol, and now researchers claim they’ve identified another. Logjam is a hole in the Diffie-Hellman key exchange protocol, a commonly used method of establishing a secure connection. It takes a bit of work to exploit, but with the right access, the bug can potentially spill sensitive data all over the place.

The Logjam exploit starts with a man in the middle attack. Whoever is seeking to access data with Logjam puts themselves between a user and the server, but continues to pass messages back and forth, picking them up on the way. Most modern servers use long algorithms to prevent anyone who isn’t on each end from un-encrypting the data, but the attacker can tell both the client and the server to lower the security level, turning that long algorithm into an easily hacked 512-bit prime number.

Once the 512-bit prime number, a relatively weak encryption method, is unlocked, the attacker has access to any data sent or received between the server and client. They might not even need to turn it down as low as 512 bits, since some research shows that national powers may already have the technology required to crack 768 and 1,024-bit prime numbers.

Thankfully, the fix for Logjam is a relatively simple one, and updates are already rolling out that take care of the issue. Most end users won’t need to do anything except update their browser to the latest version, which is always a good idea, anyway. If you’re running a server, either application or email, you just need to makes sure you’ve updated any libraries or applications you’re using.

If you’re still worried you might be vulnerable, there’s a handy page that will tell you whether your browser is safe or not.

Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

An attacker is trying to infect your router with malware in order to send spam emails. If your router uses a Broadcom UPnP SDK, it could become vulnerable to this attack. So far, 100,000 routers worldwide have been infected.
Computing

Want to set up your own virtual private network? Here's how

Take a look at our walkthrough for creating a virtual private network and why it is beneficial for more than just increased privacy and security. We go step by step, detailing how to set up a VPN in both MacOS and in Windows 10.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement, or an unwanted trip to your local repair shop.
Computing

Great PC speakers don't need to break the bank. These are our favorites

Not sure which PC speakers work best with your computer? Here are the best computer speakers on the market, whether you're working with a tight budget or looking to rattle your workstation with top-of-the-line audio components.
Computing

Printing to PDF in Windows is easy, no matter which method you use

Microsoft's latest operating system makes it easier than ever to print to PDF in Windows, but there are alternative methods for doing so, even if you want to forgo Adobe Acrobat. Here's how.
Computing

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as picking from the best free antivirus apps for Mac suites.
Computing

These laptop bags will keep your notebook secure wherever you go

Choosing the right laptop bag is no easy feat -- after all, no one likes to second-guess themselves. Here are some of the best laptop bags on the market, from backpacks to sleeves, so you can get it right the first time around.
Computing

These Windows 10 keyboard shortcuts will update your OG Windows skills

Windows 10 has many new features, and they come flanked with useful new keyboard shortcuts. Check out some of the new Windows 10 keyboard shortcuts to improve your user experience.
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.
Computing

Don't know what to do with all your old DVDs? Here's how to convert them to MP4

Given today's rapid technological advancements, physical discs are quickly becoming a thing of the past. Check out our guide on how to convert a DVD to MP4, so you can ditch discs for digital files.
Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Deals

Black Friday 2018: The best deals so far

Black Friday is the biggest shopping holiday of the year, and it will be here before you know it. If you can't wait until November 23 to start formulating a shopping plan, we've got you covered.