Mozilla Reduces Threat of Export-Grade Crypto to Firefox

Logjam was one of several downgrade attacks discovered in the last 18 months that could theoretically allow a resourced attacker to take advantage of lingering export-grade cryptography to read and modify data over a supposedly secure connection. While the severity of this particular attack again...

SUSE-SU-2016:2209-1 Security update for libtcnative-1-0

This update for libtcnative-1-0 fixes the following issues: - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 bsc938945...

Export-Grade Crypto Patching Improves

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

NSS accepts export-length DHE keys with regular DHE cipher suites — Mozilla

Security researcher Matthew Green reported a Diffie–Hellman DHE key processing issue in Network Security Services NSS where a man-in-the-middle MITM attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only...

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...