What is Drown Attack?

-

What is Drown Attack?

Drown is a serious and vulnerable attack which targets HTTPS and affects TLS and SSL(protocols used in encryption of data) which are based on HTTPS, so that no third party can read your data, across the Internet while communicating with server to authenticate your identity or to send messages, files and emails to a particular server. To breach that encryption or secure channel, drown attack is used.

Drown is a vulnerable attack which is designed to target HTTPS protocol suite system like SSL and TLS, these protocols are used for encryption purpose while communicating over Internet, these protocols provides a secure channel to communicate with server . When a user communicates with server and enters its sensitive information like Credit card number, CVV, Pins and other data like emails, instant messages, all of these are encrypted over a channel to provide customer security, so that no third party or intruder can breach the security to gain access on it or to read a private conversation.

In a Drown attack an intruder or attacker breaches the HTTPS protocol or encryption to read or gain access over sensitive information, while you are doing online shopping, emails and messaging, and exchanging your sensitive information like Credit card no., CVV and other pins.

How Drown attack takes place?


Drown attack takes place in two manners like,
1. When a server allows SSLv2 connection to the server. Where SSLv2 is a weak encryption method which is easy to breach now.
2. When a server uses the same private key to its web server and its web mail server drown attack takes place. In most of the cases many companies use same certificate and private key on web and mail server. In case email server allows SSLv2 connection while web server allow TLS connection. A hacker can take advantages of SSLv2 enabled server to break TLS encryption.

A user or a Browser can’t do anything in Drown Attack only operator of the vulnerable server can take care in order to stop drown attack, by making sure that all SSLv2 connection has been disabled onto that server, and only TLS connections are allowed on that servers.

keep learning from computerflicks because it is beyond computing.

Comments

Post a Comment

Popular posts from this blog

How do you host your website on free web hosting services or free web hosting sites?

-
What is web hosting? If you have a website, which is basically a collection of static or dynamic web pages and you want to make your site data public then you need a server which can store your pages in it, so that these pages can be invoked by users. You can also use your system as a server to host your site on your own computer. But you have some limitations when you host your site on your own computer as follow: 1. You need high speed internet to make your site available on the internet every time or 24x7. 2. If your site is dynamic and store some sort of user information then you need a proper backup for your site, which is costly. The alternate of the above process is to host your site on the paid or free web hosting companies . There is a list of paid and free hosting companies. Paid Service Web Hosting Companies 1. Hostgator.com 2. Bigrocks.com 3. Godaddy.com 4. Bluehost.com Free Service ...
Read more

What is NFC?

-
Image
NFC(Nearest Field Communication) NFC stands for Nearest Field Communication, is a technology included in mobile phones mainly high end smart phones to communicate with the nearest device by means of just tapping your device with another one which is also NFC enabled in order to transmit your data from one device to another in a very fast and efficient way. NFC is more than that in some countries. It is about to replace your debit and credit cards with your mobile phone. Now your mobile phone is going to become more smarter than traditional smart phones. NFC is an advanced version of RFID which stands for Radio Frequency Identification. In future NFC enabled devices would be everywhere to provide you convenience so that you can handle your data transfer, toll tax transactions, shopping in the malls and also from your computer to handle your transaction in few seconds and in many cases without your intervention. This technique is mainly a part of "on the go" technology...
Read more

Meaning of ping, Ip config, Trace-rt and netstat commands in Networking.

-
In the field of networking, sometimes some basic commands are very necessary to keep in mind because they help us to Know a lot of things like how to get the Ip address of a URL?, How to check that there is a connection established between client and server ?, How to trace the route of packets or get the IP address of the routers through your packet is coming ?, How to know your IP and MAC address ? and How to get the IP address of any system connected in a LAN (Local Area Network) ? So let me explain each of them one by one in this post. PING PING stands for Packet Internet Gopher and it is a utility software of windows operating system and often used to check the connection establishment between your PC and server e.g, it may your ISP's (Internet Service Provider) Server, if you are unable to use Internet while using broadband service you can ping your ISP server to get the connection. Basically it is used to estab...
Read more