How to Protect Yourself from the Logjam Vulnerability

Introduction

The Logjam vulnerability was uncovered yesterday. Like FREAK, the Logjam flaw is present in TLS (Transport Layer Security), the protocol responsible for encrypting traffic between websites and browsers. By exploiting Logjam, attackers can use a simple man-in-the-middle (MITM) attack to intercept traffic and data transferred between those two nodes. After interception, the data may be easily decrypted.

Similarly to FREAK, Logjam is closely related to a discarded encryption standard from the 1990s that uses Diffie-Hellman keys, dating from when the US imposed restrictions on exporting crypto tools. Logjam tricks web servers into thinking that a strong, modern encryption level is in use when in reality it is not.

Currently only Internet Explorer 11 is patched and not vulnerable to the flaw; hopefully other browsers will follow soon.

Recommendation:

Browser – To check whether your browser is vulnerable, head to weakdh.org. If the message says “Good News! Your browser is safe against the Logjam attack!” then you are good to go; if not, you should update your browser at the first possibility.

Web server – Read the complete technical document at https://weakdh.org/imperfect-forward-secrecy.pdf or head to https://weakdh.org/sysadmin.html for guidelines.

(These URLs may be down for you since many people are visiting them.)
