Skip to main content

How safe is your site from a ‘Drown hack’ attack?

With digital security on the forefront of global consciousness, a new report suggesting that “thousands of popular sites” might be vulnerable to one type of cyberattack has raised alarm bells.

According to experts, the so-called Drown attack is a “serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.” With this sort of attack, hackers would be able to “break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.” Most terrifying of all, it is estimated that 33 percent of HTTPS servers are vulnerable.

Recommended Videos

Luckily, there is a fix available, and it’s already been disseminated to help site administrators add an extra layer of security to their online domains. Still, it will take time to fully implement, and in the meantime, the hackers may still have access to a significant chunk of the Internet.

“What is shocking about this is that they [the hackers] have found a way to use a very old fault that we have known about since 1998,” Professor Alan Woodward of the University of Surrey told the BBC. “And all this was perfectly avoidable. It is a result of us having used deliberately weakened encryption, which people broke years ago, and it is now coming back to haunt us.”

So what can you now do? The researchers studying the issue note that, “To protect against Drown, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS.” Drownattack.com also provides a form to “check whether your server appears to be exposed to the attack.”

Ultimately, a complete solution requires some expertise. “Operators of vulnerable servers need to take action,” the researchers wrote. “There is nothing practical that browsers or end-users can do on their own to protect against this attack.”

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Here’s how to get your free 40% performance boost from AMD
AMD RX 6600 XT on a wooden backdrop.

If you own an AMD Radeon RX 6000-series graphics card, you're in for a treat. The entire RDNA 2 range just got an unexpected performance boost that might actually make quite a difference in gaming.

The latest driver release, now available to everyone, is said to improve the ray tracing performance of RX 6000 GPUs by up to 40%. Here's everything you need to know.

Read more
Here’s how you could protect your RTX 4090 from melting
The RTX 4090 graphics card on a table alongside a set of cables held in hand.

Reports about melting connectors and adapters on the Nvidia GeForce RTX 4090 are still popping up every so often, and we still haven't had an official statement from Nvidia on the matter. However, tech experts from around the globe are trying to find the cause of the problem.

This time around, a power supply expert from Corsair released a lengthy explanation of what might be happening. According to JonnyGuru, the issue is not caused by a faulty connector but rather by user error. The fix is rather simple.

Read more
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more