yitit
Home
/
Computing
/
New HTTPS exploit leaves hundreds of sites vulnerable, but there’s an easy fix
New HTTPS exploit leaves hundreds of sites vulnerable, but there’s an easy fix-April 2024
Apr 19, 2025 12:58 AM

  ronstik / 123RF.comResearchers at INRIA, the French national research institute for computer science, have devised a new way to decrypt secret cookies which could leave your passwords vulnerable to theft.

  Karthikeyan Bhargavan and Gaetan Leurent, have devised and carried out an attack – in a crypto research lab – which can pirate traffic from over 600 of the web’s most popular sites and lay bare your previously secure login information.

  Recommended Videos

  The exploit, dubbed ‘Sweet32’, isn’t easy to carry out, however. It involves mining hundreds of gigabytes of data, and targeting specific users who have accessed a malicious website which saddled them with a bit of malware. Still, the difficulty in carrying out the attack is outweighed by just how completely it subverts some of the internet’s most common encryption schemes.

  Related

  Hackers now exploit new vulnerabilities in just 15 minutes Spectre looms again as another exploit leaves Intel CPUs vulnerable

  While the attack is very difficult to carry out in practice, the existence the exploit has security experts on the OpenSSL development team taking notice.

  By mining HTTPS or OpenVPN encrypted traffic, the researchers were able to use a mathematical paradox to identify portions of encrypted information and decipher login and password credentials in their entirety.

  Don’t panic just yet, security experts speaking with Ars Technica are convinced that the threat posed by the exploit is minimal, in part due to the fact that it’s got a relatively simple fix.

  The key vulnerability exploited in the secret-cookie-decryption-scheme is only found in 64-bit block ciphers, which OpenVPN developers have already addressed in the most recent version of their VPN software. Other security experts speaking with Ars have confirmed that the exploit poses little threat as long as developers get on board and stop using 64-bit block ciphers like Triple DES, or ‘3DES’.

  “The 3DES issue is of little practical consequence at this time. It is just a matter of good hygiene to start saying goodbye to 3DES,” said Viktor Dukhovni, a member of the OpenSSL team.

Comments
Welcome to yitit comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Computing
Recent News
internet service providers browsing data law
internet service providers browsing data law
National Advertising Review Boards ruling on Comcasts internet speed claims
National Advertising Review Boards ruling on Comcasts internet speed claims
What are 4 types of computer?
What are 4 types of computer?
Google’s AI just got ears
Google’s AI just got ears
About
Terms and Conditions Privacy policy Cookie Settings Contact Us
Services
Login register
yitit Hardware Computing Mobile Finance Software Deals
Links
zpostcode Recruit weather mreligion Yellowpages sport constellation shopping name game directory literature Word tour furnish Lottery tftnews lyrics News digital car dir Edu Finance
Copyright 2023-2025 - www.yitit.com All Rights Reserved