Over a million developers have joined DZone.

Need Protection Against the DROWN Vulnerability?

DROWN is considered a serious security vulnerability that affects HTTPS users, allowing hackers to potentially break encryption and access sensitive information, including any communication between an end-user and a server.

· Cloud Zone

Download this eBook outlining the critical components of success for SaaS companies - and the new rules you need to play by.  Brought to you in partnership with NuoDB.


Image title

On Tuesday, OpenSSL issued a security advisory for the DROWN attack on SSLv2 (CVE-2016-0800).

DROWN is considered a serious security vulnerability that affects HTTPS users, allowing hackers to potentially break encryption and access sensitive information, including any communication between an end-user and a server.

We’ve all used HTTPS to gauge whether or not a website is secure, or at least safe to browse. Now that there has been another SSL attack, we’re paying more attention, learning quickly that HTTPS is not a guarantee of safety anymore. Understanding that we can’t trust HTTPS sites is a huge problem for our email, purchase, banking, and other common, daily internet activities.

CloudPassage Halo detects and alerts your security team to vulnerabilities like DROWN, ensuring that your company can quickly take proactive measures to avoid a security breach.

Specifically, CloudPassage Halo can:

  • Detect the released CVE-2016-0800, which will help organizations find systems that are vulnerable to this type of an attack
  • Inspect and scan your servers for specific services running, along with Halo’s configuration security management (CSM) module
  • Ensure that configuration of Microsoft or Linux applications are (or are not) running SSLv2
  • Verify proper configuration of Apache, Postfix, Nginx to be utilizing the proper SSL version

Want to learn more about how you can keep your organization protected? Visit cloudpassage.com/demo or contact 800-215-7404.

Originally posted on CloudPassage

Learn how moving from a traditional, on-premises delivery model to a cloud-based, software-as-a-service (SaaS) strategy is a high-stakes, bet-the-company game for independent software vendors. Brought to you in partnership with NuoDB.

Topics:
ssl ,openssl ,tls ,cloud ,security ,drown ,https ,encryption

Published at DZone with permission of Rich Gardner, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}