Logjam: How to tell if your browser is vulnerable

Cousin of FREAK, the just-disclosed Logjam flaw has again sent browser makers and website administrators scrambling to craft and apply patches, a repeat of the March rush to shut down its predecessor.

The bug resides in the TLS (Transport Layer Security) protocol used to encrypt traffic between browsers and website servers. By interposing themselves between users and servers — the classic is a “man-in-the-middle” (MITM) attack at a public Wi-Fi hotspot — hackers can intercept that supposedly-secure traffic, then leverage the decades-old weakness to easily decipher it.

Like FREAK, Logjam — uncovered by an international team of experts, including ones from Microsoft, the University of Michigan and INRIA, a French research institute — is connected to long-discarded encryption standards, once the only ones eligible for export from the U.S.

To read this article in full or to leave a comment, please click here