Logjam HTTPS exploit downgrades security to get at your data

researchers discover new https flaw but thankfully its easy to patch logjamhttpsheader
Dorn1530/Shutterstock
It seems like every day a new vulnerability is discovered in some Web protocol, and now researchers claim they’ve identified another. Logjam is a hole in the Diffie-Hellman key exchange protocol, a commonly used method of establishing a secure connection. It takes a bit of work to exploit, but with the right access, the bug can potentially spill sensitive data all over the place.

The Logjam exploit starts with a man in the middle attack. Whoever is seeking to access data with Logjam puts themselves between a user and the server, but continues to pass messages back and forth, picking them up on the way. Most modern servers use long algorithms to prevent anyone who isn’t on each end from un-encrypting the data, but the attacker can tell both the client and the server to lower the security level, turning that long algorithm into an easily hacked 512-bit prime number.

Once the 512-bit prime number, a relatively weak encryption method, is unlocked, the attacker has access to any data sent or received between the server and client. They might not even need to turn it down as low as 512 bits, since some research shows that national powers may already have the technology required to crack 768 and 1,024-bit prime numbers.

Thankfully, the fix for Logjam is a relatively simple one, and updates are already rolling out that take care of the issue. Most end users won’t need to do anything except update their browser to the latest version, which is always a good idea, anyway. If you’re running a server, either application or email, you just need to makes sure you’ve updated any libraries or applications you’re using.

If you’re still worried you might be vulnerable, there’s a handy page that will tell you whether your browser is safe or not.

Web

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

How to share an external hard drive between Mac and Windows

Compatibility issues between Microsoft Windows and Apple MacOS may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.
Computing

Should you buy the affordable MacBook Air, or is the MacBook Pro worth the price?

Though they both share Retina Displays and similar keyboards, there are still some specs differences and other changes that differentiate the new 2018 MacBook Air and MacBook Pro. In this guide, we stack the two up against each other.
Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…
Computing

Chip off the auction block – Intel’s i9-9990XE may be sold to the highest bidder

Intel's alleged Core i9-9990XE may only be sold at auction to OEMs, meaning that only a few of the 14-core, 28-thread, 5GHz CPUs will ever see the light of day in specific devices and systems.
Android

Mobile World Congress (MWC) 2019: Complete Coverage

There's no bigger show for mobile tech geeks than Mobile World Congress in Barcelona, Spain: where flagship phones are born and intriguing new wearables shine. And this year, where foldable phones and 5G are likely to dominate the news. For…
Computing

Google is giving its G Suite web apps new touches of visual improvements

Your G Suite applications will soon have a different look. Several of the web apps are getting updated with subtle visual improvements inspired by Google's Material Design guidelines. 
Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.
Computing

An update to Microsoft To-Do will help you keep up with your resolutions

If you're looking to stay productive in 2019, you might want to check out the freshly updated Microsoft To-Do app, now with additional integration with the Windows 10 Start Menu and more.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

Could the next Microsoft HoloLens be announced at MWC 2019?

After not having a presence at Mobile World Congress for three years, Microsoft is now sending out media invites for a press conference on February 24 during the annual event in Barcelona. Could a next-generation HoloLens be on the way?