Connect with us

HTTPS Vulnerability: Credit Card Details, Passwords, Emails, Messages Could Be Leaked

HTTPS Vulnerability: Credit Card Details, Passwords, Emails, Messages Could Be Leaked

Technology

HTTPS Vulnerability: Credit Card Details, Passwords, Emails, Messages Could Be Leaked

This HTTPS vulnerability is the most dangerous online security threat ever. You will once again be forced to question whether the personal details you give out for online transactions are safe. This has been a topic of debate ever since online transactions were born. The reports also say that not even Apple Pay is safe. Your details are not as secure as you would like them to be. Not just online transactions; even if you are using the internet without making a purchase, your emails, credit card details, passwords, IM messages, usernames, everything can now be hacked.

Even today, many servers are still supporting SSLv2. Reason? Misconfiguration. SSLv2 being from the 90s is insecure and can be easily broken. So if your server supports SSLv2, you too are at an “HTTPS vulnerability” or “Drown vulnerability” risk. In case your server isn’t using this age old connection, but is sharing a private key with another server that supports SSLv2, then too your system may be harmed. Right now, a number of well-known, reputed publications have been affected by HTTPS vulnerability. You will be shocked to know their names. Here they are:

  1. CNBC.com
  2. Yahoo.com
  3. Samsung.com
  4. Groupon.com
  5. FinalFantasyXIV.com
  6. USNews.com
  7. Flickr.com
  8. Alibaba.com
  9. Avast.com
  10. Nature.com
  11. NUS.edu.sg
  12. Stumbleupon.com
  13. DailyMotion.com
  14. Weather.com
  15. Weibo.com
  16. UNESCO.org
  17. Viber.com
  18. Apache.org
  19. xHamster.com
  20. EpochTimes.com, and many more

To check whether your system is affected by HTTPS vulnerability, the researchers have published a guide to help you out. Enter your IP address or domain on the site to check whether your server is vulnerable. Click here to check.

The researchers working on HTTPS vulnerability have said, “We have no reason to believe that Drown has been exploited in the wild prior to this disclosure. [But] since the details of the vulnerability are now public, attackers may start exploiting it at any time, and we recommend taking the countermeasures explained above as soon as possible.”

Also Read: Apple Says No To FBI; Makes Hacking Into iPhones Impossible

For more technology news, you can subscribe to our newsletter. If you are a social media junkie and would like to receive updates on your timeline, then you can also like us on Facebook or follow us on Twitter.

Continue Reading
You may also like...

About Shreya Naik

Shreya likes to keep herself updated about the happenings in the Tech world, and also to cover the tiniest of activity related to all the major players in the industry. You will find her writing mostly about upcoming gadgets, new releases, their reviews and other hot stories.

More in Technology

Good News

To Top