
As of today, only Internet Explorer has been updated to protect against Logjam, with fixes from Chrome, Firefox and Safari thought to be coming in the next few days.
The Logjam vulnerability is capable of breaking encryption to websites that support HTTPS, e-mail servers supporting SMTP with StartTLS, secure POP3, and IMAP. Additionally, the researchers believe that 66 percent of VPN servers and 26 percent of SSH servers are susceptible to passive eavesdropping. It is believed that this attack is already being used in the wild by at least one state agency.
More information on the vulnerability can be found on a website that the developers have set up. They also include step-by-step instructions for server administrators to help ensure they are not vulnerable. Additionally, the step-by-step guide includes a "Test A Server" function to make sure servers you care about are not vulnerable. Phoronix is not susceptible. Additional SSL configuration checking can be performed via SSL Labs.