
How to Check Your Browser for the Logjam Vulnerability


Batu69


A new vulnerability known as “Logjam” which allows the exploitation of secure TLS connections has been uncovered and it affects most popular browsers. Here’s how Weakdh.org describes it:


The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers.

There are currently two sites you can visit to automatically check your browser for the Logjam vulnerability:

  • https://weakdh.org/ – if you visit this site and receive the following message, then your browser is vulnerable:

    [screenshot: weakdh.org warning message]

  • https://www.ssllabs.com/ssltest/viewMyClient.html – similarly, this site will display the following message if your browser is vulnerable:

    [screenshot: SSL Labs warning message]

According to reports, the Logjam vulnerability won’t be patched in Firefox until the release of version 39. However, a temporary fix has been published on the Mozilla forum for Firefox users which involves accessing “about:config” and disabling the ssl3 protocol:

  1. In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
  2. In the search box above the list, type or paste ssl3 and pause while the list is filtered
  3. Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
  4. Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
  5. Restart Firefox

I applied both changes myself and visited the two aforementioned sites again; both reported a clean bill of health.

For any browsers that are being reported as vulnerable, I strongly suggest users keep a close eye out for updates and apply same as soon as they become available.

More information here: The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange – (security expert Bruce Schneier reports that the vulnerability may have been exploited by the NSA)

http://www.davescomputertips.com/latest-security-vulnerability-logjam-affects-most-browsers/

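One way to confirm that the about:config workaround from the first post has actually been applied in a Firefox profile, as an added example that is not part of the original thread. It assumes the profile's prefs.js text is passed in as a string; the function names and the sample profile contents are constructed for illustration.

```python
import re

# The two preferences named in the workaround steps above.
DHE_PREFS = (
    "security.ssl3.dhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
)

# Line format used by prefs.js and user.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comment lines (// ...) and blank lines do not match
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_dhe(text):
    """Map each workaround pref to True while its DHE suite is still enabled."""
    prefs = parse_prefs(text)
    # prefs.js stores only changed values, so a missing pref is at its
    # default, which the steps above give as true (suite enabled).
    return {name: prefs.get(name, "true") != "false" for name in DHE_PREFS}


def workaround_applied(text):
    """True only when both DHE suites are switched off."""
    return not any(audit_dhe(text).values())


# Constructed sample: only the first of the two preferences was changed.
SAMPLE_PARTIAL = """\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
"""
# Constructed sample: both preferences changed.
SAMPLE_FIXED = SAMPLE_PARTIAL.replace("// user_pref", "user_pref")

if __name__ == "__main__":
    for label, sample in (("partial", SAMPLE_PARTIAL), ("fixed", SAMPLE_FIXED)):
        print(label, audit_dhe(sample), workaround_applied(sample))
```

A profile whose prefs.js mentions neither preference is reported as not fixed, because both suites are then still at their enabled default.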
knowledge-Spammer

security expert Bruce Schneier reports that the vulnerability may have been exploited by the NSA)

​ :o



security expert Bruce Schneier reports that the vulnerability may have been exploited by the NSA)

​ :o

It would take the NSA or some other big outfit to perform such on a mass scale. And there are far easier ways for them to do it. The only way they would use this exploit is if there was no other easier way. It's been around since '95, so if they were going to get you with it, it's already too late. Also, you know why browsers didn't patch this fast? It's not a big deal like other SSL bugs were. You just about have to be in a cyber cafe with a hacker on the same network, and you have to be their target. It's more of a threat to websites than end users.

Even Edward Snowden said:

All I can say is that I share their suspicions, but I simply do not know the answer one way or another. I don't want to mislead anybody by speculating.

But till there is hardcore proof, it's no more than a conspiracy theory. Like the one about Jim Morrison faking his own death. ;)



I have the latest Firefox and it fails. It says to update. Update to what??????



I have the latest Firefox and it fails. It says to update. Update to what??????

Update this

  1. In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.​
  2. In the search box above the list, type or paste ssl3 and pause while the list is filtered
  3. Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
  4. Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
  5. Restart Firefox

temporary fix in Firefox until the release of version 39.



I have the latest Firefox and it fails. It says to update. Update to what??????

Update this

  1. In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.​
  2. In the search box above the list, type or paste ssl3 and pause while the list is filtered
  3. Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
  4. Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
  5. Restart Firefox

temporary fix in Firefox until the release of version 39.

I have given up on Firefox and completely removed it from one of my systems. Either this vulnerability is not serious (which to me every vulnerability is serious) or that Mozilla simply doesn't care for the users' security like it should. I get this feeling that Firefox isn't being supported/maintained like it used to.



Find this on

https://ssllocker.com/ChromeLocker.html 

or

work chrome chromium.

Create a shortcut on the desktop, edit its properties, and in Target, after everything, add one space

paste this

--ssl-version-min=tls1.2 --use-spdy=off --use-system-ssl --ssl-version-min=tls1.0 --cipher-suite-blacklist=0x0005,0x0004,0xc007,0xc011 --cipher-suite-blacklist=0x000a,0x002f,0x009c,0x0005,0x0004,0xc007,0xc011,0xcc15,0x009e,0x0033,0x0039 --disable-java --disable-logging --dns-prefetch-disable --disable-voice-input --disable-sync --disable-sync-backup --disable-sync-app-list --disable-sync-rollback --disable-sync-rollback --disable-bundled-ppapi-flash --disable-breakpad --disable-async-dns --disable-background-networking --disable-credit-card-scan --disable-drop-sync-credential --disable-preconnect --disable-suggestions-service --disable-save-password-bubble

Working for me; say if it's working for you

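To see what the Chrome command line posted above actually blocks, the following added example (not part of the original reply) decodes its cipher-suite IDs to their IANA names and resolves the switches that appear twice. It assumes a repeated switch takes the value of its last occurrence; the function names are hypothetical, and 0xcc15 is a pre-standard draft ID.

```python
import shlex

# TLS-related part of the command line from the reply above, as posted.
POSTED = (
    "--ssl-version-min=tls1.2 --use-spdy=off --use-system-ssl "
    "--ssl-version-min=tls1.0 "
    "--cipher-suite-blacklist=0x0005,0x0004,0xc007,0xc011 "
    "--cipher-suite-blacklist=0x000a,0x002f,0x009c,0x0005,0x0004,0xc007,"
    "0xc011,0xcc15,0x009e,0x0033,0x0039"
)

# IANA TLS cipher suite names for the IDs that appear in the post.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xCC15: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # draft-era ID
}

def effective_switches(cmdline):
    """Return ({switch: value}, [switches given more than once])."""
    seen, repeated = {}, []
    for token in shlex.split(cmdline):
        name, _, value = token.partition("=")
        if name in seen and name not in repeated:
            repeated.append(name)
        seen[name] = value  # ASSUMPTION: the last occurrence wins
    return seen, repeated

def blocked_suites(cmdline):
    """Names of the suites in the effective --cipher-suite-blacklist."""
    value = effective_switches(cmdline)[0].get("--cipher-suite-blacklist", "")
    return [SUITES.get(int(x, 16), "unknown " + x) for x in value.split(",") if x]

def blocked_dhe(cmdline):
    """Finite-field DHE suites (the Logjam-relevant ones) that are blocked."""
    return [n for n in blocked_suites(cmdline) if n.startswith("TLS_DHE_")]
```

Under the last-occurrence assumption the effective minimum version here is TLS 1.0 rather than 1.2, since `--ssl-version-min=tls1.0` comes second; the second blacklist is a superset of the first, so no suite is dropped by the repetition.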


I have the latest Firefox and it fails. It says to update. Update to what??????

Update this

  1. In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.​
  2. In the search box above the list, type or paste ssl3 and pause while the list is filtered
  3. Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
  4. Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
  5. Restart Firefox

temporary fix in Firefox until the release of version 39.

Thanks, this worked for me :)



Archived

This topic is now archived and is closed to further replies.
