We're In This Logjam Thanks To Outdated Cryptography Policy
The latest encryption vulnerability, Logjam, exists thanks to software policy of the 1990s.
By Evan Thomas | May 21, 2015
A team of security researchers has found tens of thousands of websites and servers could be at risk from Logjam, a new encryption attack based on an old security mindset.
Logjam is a man-in-the-middle attack in which attackers can monitor and modify supposedly secure traffic sent over Transport Layer Security, or TLS. The HTTPS connection to Google, for example, is one use of TLS.
Logjam targets servers using the Diffie-Hellman key exchange. Attackers can "downgrade" the encryption strength of any affected system to make it easier to crack. (Video via Adrian et al.)