On March 1, 2016, the DROWN Attack was announced. DROWN is a serious vulnerability for services that rely on SSL and TLS, such as HTTPS, and are essential for Internet security. These cryptographic protocols allow users to browse, shop, message, and conduct business across the Internet without unknown third parties being able to intercept & read things like passwords, credit card numbers, or emails.
Popular sites such as groupon.com, buzzfeed.com, and blackboard.com are affected. (See a list of popular sites here.) More than 11 million sites are affected in total.
According to the research team, “There is nothing practical that web browsers or other client software can do to prevent a DROWN attack. Only server operators are able to take action to protect against the attack.”
On March 2, 2016, less than 24 hours after the announcement, QuadMetrics began releasing features for their Signet Scope subscribers to display any SSL/TLS servers affected by the vulnerability in the user interface, and alerted their users to the issue with an outline of actionable steps for mitigation.
DROWN attacks are the 3rd major Internet security vulnerability this year.
QuadMetrics is a holistic, dynamic and proactive approach to the management of cyber security risks faced by enterprise networks. An Internet data measurement and risk modeling company, QuadMetrics measures cyber risk and develops metrics that are useful in managing everyday enterprise risk.
To learn more about how QuadMetrics can help your organization with cyber security risk management, contact [email protected] or call 734.527.5785.