LogJam Exposed: 575 Cloud Services Potentially Vulnerable to Man-in-the-Middle Attacks

CLOUD SECURITY ALLIANCE | MAY 21, 2015

By Sekhar Sarukkai, VP of Engineering, Skyhigh Networks 

LogJam, the latest in a spate of web vulnerabilities, was exposed on Tuesday evening by a team including Mathew Green, assistant research professor at Johns Hopkins University, experts from University of Michigan and the University of Pennsylvania, and researchers from Microsoft Research and INRA, who were part of the team that initially discovered the FREAK vulnerability. The vulnerability is derived from an encryption flaw, essentially created by USGov requirements. Specifically, any servers that support export grade DHE cipher suits are vulnerable to LogJam.

 

https://blog.cloudsecurityalliance.org/2015/05/21/logjam-exposed-575-cloud-services-potentially-vulnerable-to-man-in-the-middle-attacks/

Until websites convert to Hackproof Technologies new server technology these security issues will continue. 

The Main Cyber Threats to Web Sites and Visitors

Based on and quotes from an article by Symantec - CSO | The Resource for Data Security Executives

"Cyber attackers are leapfrogging defenses in ways companies don't even have the insight to anticipate"

Phishing attacks and their highly targeted siblings spear-phishing attacks involve targeted messages being sent to individuals, But there are attacks on websites instead of people that affect every visitor. And you may not be aware your website is spreading malicious infections!

"In a watering hole attack attackers infiltrate places people go. For example, they might inject a vulnerability into a website they know their visits. This bypasses the measures put in place to block malicious email.

"A variation of this is bad actors infiltrating software used in specific industries with malicious payloads. For example, if a mining company uses a specific application, a hacker could infect that software at the developer’s site so that the malicious payload enters the mining company through a seemingly legitimate channel." [Key chain attack]

http://www.cso.com.au/article/574103/defence-key-living-modern-threat-environment-symantec/

Because GPUs can NEVER be completely protected website owners will ALWAYS be playing catch-up and endangering their visitors (Paraphrase from Dr.M)

There IS a solution on the way...

Just-released WordPress 0day makes it easy to hijack millions of websites [Updated] | Ars Technica

Just-released WordPress 0day makes it easy to hijack millions of websites

Exploit code lets attackers gain administrative control sans authorization

http://arstechnica.com/security/2015/04/27/just-released-wordpress-0day-makes-it-easy-to-hijack-millions-of-websites/

Update - apparently fixed.