New encryption flaw, LogJam, puts Web surfers at risk
Computer security experts said they’ve found a new encryption flaw closely related to one found earlier this year that puts Web surfers’ data at risk.
The flaw, called LogJam, can allow an attacker to significantly weaken the encrypted connection between a user and a Web or email server, said Matthew D. Green, an assistant research professor in the department of computer science at Johns Hopkins University.
About 7 percent of websites on the Internet are vulnerable to LogJam along with many email servers. A website has been set up with more information.
Green was part of a team including experts from the University of Michigan and the French research institute Inria who found LogJam a few months ago.