Protective steps to help avoid a Logjam attack
The Internet vulnerability known as Logjam is 20 years old, but that doesn’t mean you should consider it yesterday’s news.
Researchers from several organizations — including the University of Michigan and French research institute INRIA — have found that hackers could use a type of Logjam attack to decipher private information on about 7% of the top 1 million websites. Through such an attack, cybercriminals could see private communications or payment information that has been encrypted. For more details, Phys.org has an easy-to-understand technical explanation of the vulnerability.
For business owners and consumers, there are a few steps you can take to protect yourself, your business, your customers, and business partners.
(At Bank of the West, we have updated our security monitoring systems to detect suspicious activity related to this vulnerability. And we are encouraging our users to update their browsers to a version not vulnerable to this attack — see below for more detail.)If you’re a business owner, and your business runs a server:
If you have a Web server or a mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. For a detailed explanation of steps to help protect your servers, read this “Guide to Deploying Diffie-Hellman for TLS.”If you use a browser or you have employees who use a browser at work:
Make sure your computers are using the most current version of your browser, whether you use Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, or Google Chrome. Check for updates frequently.
Have questions or suggestions about Logjam? Post questions or thoughts in the comments section, and I’ll respond.