This week, researchers uncovered a bug in Web SSL protocols that, with a little manipulation, can be exploited to reveal personal and sensitive information.
When you visit a secure website, the information passed between sender and receiver is encrypted so that third parties who intercept the communication cannot read it. The longer the encryption key, the harder it is to crack.
The bug, now known as “logjam,” does not attempt to crack this communication directly; rather, it focuses on the key used to encrypt and decrypt the data transfer. By altering the key, cybercriminals can weaken the strength of the encryption, making it easier to decrypt. Doing so gives them access to passwords that can unlock all sorts of information.
The report suggests that roughly 8% of the top 1 million websites are vulnerable, along with some email servers, web servers, and other systems.
Companies that run web servers can follow instructions here to update their systems in an effort to overcome the logjam vulnerability. To further protect your company:
- Ensure employees are using strong passwords that are at least 8 characters long and contain a mix of upper and lower case letters, numbers, and special characters.
- Provide employees with ongoing training on information security best practices.
- Maintain security patches and updates on all systems.
- Install robust network and data security equipment.
- Monitor systems for information security breaches.
For more information on ways you can reduce the risk of cyber threats, visit the Cyber Threats section of your portal or contact your Client Services representative.
Marlia Fontaine-Weisse is the Content Manager for Preparis.