Nicknamed Logjam, the new attack is ‘special’ in that it may admit complete decryption or hijacking of any TLS connection you make to an improperly configured web or mail server.
Worse, there’s at least circumstantial evidence that similar (and more powerful) attacks might already be in the toolkit of some state-level attackers such as the NSA.
While the use of IPsec is sometimes the correct security solution, more information is needed to provide interoperable security solutions.
draft-bellovin-useipsec-02Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups.
Eduard Kovacs is an international correspondent for Security Week.Abstract The Security Considerations sections of many Internet Drafts say, in effect, "just use IPsec".While this is sometimes correct, more often it will leave users without real, interoperable security mechanisms.Security Tracker provides daily updating huge database to the users. Anyone can search the site for latest vulnerability information listed under various categories. Hackerstorm provides a vulnerability database tool, which allows users to get almost all the information about a particular vulnerability.Hackerstorm provides daily updates for free but source is available for those who wish to contribute and enhance the tool. Hackerwatch is not a vulnerability database, but it is a useful tool for every security researcher.