The LOGJAM vulnerability in brief…

[Read the full explanation ]

Q1. What is Logjam?

A1. Logjam is a vulnerability in TLS (also called SSL), the system that puts the “S” in “HTTPS” and the padlock in your browser, amongst other computer security tasks.

The vulnerability involves tricking a client (e.g. a web browser) and a server (e.g. a website) into using much weaker encryption than they intended, and then cracking the encryption to intercept their traffic.

That’s known as a “downgrade” attack, for obvious reasons.

Q2. What makes it work?

A2. “Logjamming” a server requires that the server will still accept an old-fashioned level of encryption known as “export grade”.

Export-grade security levels were required by the US until 2000, and then discontinued because they were bad for security.

Most, if not all, software vendors breathed a sigh of relief and stopped using export grade encryption.

Q3. So why is Logjam possible?

A3. Unfortunately, some operating systems and applications never got around to removing the software components that actually make export mode work.

That left them open to potential downgrade attacks like Logjam.
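
To check the condition described in A2 and A3 from the defender's side, the following added example (not part of the original article) parses a captured TLS ServerHello and reports whether the server agreed to an export-grade cipher suite. It assumes the ServerHello is the first handshake message and fits in a single record; `build_server_hello` and the bytes it produces are constructed sample input.

```python
import struct

# Export-grade cipher suite IDs as assigned in RFC 2246 / RFC 4346.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record: bytes) -> int:
    """Return the cipher suite ID the server chose in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # Fixed prefix: version (2) + random (32) + session_id length (1).
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]            # skip the variable-length session_id
    if len(hello) < off + 3:        # cipher suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def audit(record: bytes) -> dict:
    """Flag a handshake in which the server agreed to an export-grade suite."""
    suite = selected_suite(record)
    name = EXPORT_SUITES.get(suite)
    return {"suite": suite, "export_grade": name is not None, "name": name}

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ServerHello record."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Calling `audit(build_server_hello(0x0014))` reports an export-grade selection, while a modern suite such as `0x0033` comes back with `export_grade` set to `False`.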

Q4. What about Sophos products?

A4. Server products from Sophos (Secure Email Gateway, Secure Web Gateway, UTM & Next-Gen Firewall and Mobile Control) don’t accept export-grade connections.

So they can’t be Logjammed.

Q5. OK, I have to ask: why “Logjam”?

A5. The encryption algorithm that is attacked by the vulnerability uses mathematical calculations called discrete logarithms, known as “logs” for short.

The attack computes a special log, and uses it to jam bogus messages into your data to crack open your traffic, so it’s a “Logjam.” (Just so you know: we didn’t come up with the name.)
