How to check if you're vulnerable to the Logjam hack attack


Worried that you're vulnerable to Logjam, the latest hack that lets attackers steal private information via your browser? Here's how to check whether you're at risk, and what Logjam does.

Logjam is similar to the recent FREAK attack that targeted browsers. It exploits a bug in the TLS (Transport Layer Security) protocol, which encrypts traffic between browsers and web servers. Attackers can use that bug to launch a man-in-the-middle attack that grabs traffic, then decrypts it. Everything you send over the Internet, they can see, including private information, passwords, and more.

Researchers who uncovered the flaw say that approximately 7 percent of all Web sites and many mail servers are vulnerable.

Is your browser vulnerable? There's a simple way to find out. Simply visit the Web site. If your browser is vulnerable, you'll get a warning and be told to upgrade your browser to the latest version.

Unfortunately, as I write this, that generally won't work. Most browsers have yet to issue patches that fix the Logjam vulnerability. I tried Chrome, for example, and no upgrades were available that fixed it. Computerworld reports that as of late Wednesday, the only browser that had been patched was Internet Explorer 11.

You can also check if a Web server is vulnerable. Head to the Guide to Deploying Diffie-Hellman for TLS, type in a server address, and you'll see whether it's vulnerable.

