Protective steps to help avoid a Logjam attack

Posted By David Pollino In Your Business

The Internet vulnerability known as Logjam is 20 years old, but that doesn’t mean you should consider it yesterday’s news.

Researchers from several organizations [2] — including the University of Michigan and French research institute INRIA — have found that hackers could use a type of Logjam attack to decipher private information on about 7% of the top 1 million websites. Through such an attack, cybercriminals could see private communications or payment information that has been encrypted. For more details, Phys.org has an easy-to-understand technical explanation of the vulnerability [3].

For business owners and consumers, there are a few steps you can take to protect yourself, your business, your customers, and business partners.

(At Bank of the West, we have updated our security monitoring systems to detect suspicious activity related to this vulnerability. And we are encouraging our users to update their browsers to a version not vulnerable to this attack — see below for more detail.)

If you’re a business owner, and your business runs a server:

If you have a Web server or a mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. For a detailed explanation of steps to help protect your servers, read this “Guide to Deploying Diffie-Hellman for TLS [4].”
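To verify both server-side steps after making them, the following added example (not code from this post or from the linked guide) reads the prime size out of a PEM "DH PARAMETERS" file and flags export-grade suites in a list of enabled cipher names. The function names, the `SAMPLE_WEAK_PEM` input and the way you obtain the enabled-suite list are assumptions made for illustration.

```python
import base64
import re

MIN_DH_BITS = 2048  # group size the article recommends

def _der_len(buf, pos):
    """Decode the DER length field at pos; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                         # short form: one byte
        return first, pos + 1
    n = first & 0x7F                         # long form: n length bytes follow
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' (PKCS#3) block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:                       # outer SEQUENCE { p, g }
        raise ValueError("not a DER SEQUENCE")
    _, pos = _der_len(der, 1)
    if der[pos] != 0x02:                     # first member: INTEGER p
        raise ValueError("expected INTEGER for p")
    length, pos = _der_len(der, pos + 1)
    return int.from_bytes(der[pos:pos + length], "big").bit_length()

def export_suites(enabled):
    """Suites whose OpenSSL (EXP...) or IANA (..._EXPORT_...) name marks them export-grade."""
    return [s for s in enabled if s.startswith("EXP") or "_EXPORT_" in s]

def audit(pem_text, enabled):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    bits = dh_prime_bits(pem_text)
    if bits < MIN_DH_BITS:
        findings.append(f"DH group is {bits} bits; regenerate at {MIN_DH_BITS} bits")
    for suite in export_suites(enabled):
        findings.append(f"export cipher suite enabled: {suite}")
    return findings

# Constructed sample input: a 512-bit "group" (p is NOT a real prime, only the size matters here).
_p = b"\x00\x80" + b"\x00" * 62 + b"\x01"
SAMPLE_WEAK_PEM = ("-----BEGIN DH PARAMETERS-----\n"
                   + base64.b64encode(b"\x30\x46\x02\x41" + _p + b"\x02\x01\x02").decode()
                   + "\n-----END DH PARAMETERS-----\n")
```

The check only measures the size of the group; it does not test whether the prime is unique to your server, so it complements generating your own group with `openssl dhparam -out dhparams.pem 2048` rather than replacing it.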

If you use a browser or you have employees who use a browser at work:

Make sure your computers are using the most current version of your browser, whether you use Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, or Google Chrome. Check for updates frequently.

Have questions or suggestions about Logjam? Post questions or thoughts in the comments section, and I’ll respond.


Article printed from Bank of the West: https://changematters.bankofthewest.com

URL to article: https://changematters.bankofthewest.com/2015/05/27/protective-steps-to-help-avoid-a-logjam-attack/

URLs in this post:

[1] Image: http://blog.bankofthewest.com/wp-content/uploads/2015/05/biz_computer_assist_crop.jpg

[2] Researchers from several organizations: https://weakdh.org/imperfect-forward-secrecy.pdf

[3] technical explanation of the vulnerability: http://phys.org/news/2015-05-logjam-isnt-vulnerable-internet-threats.html

[4] Guide to Deploying Diffie-Hellman for TLS: https://weakdh.org/sysadmin.html
