At the moment, only Microsoft's Internet Explorer has been patched Cousin of FREAK, the just-disclosed Logjam flaw has again sent browser makers and website administrators scrambling to craft and apply patches, a repeat of the March rush to shut down its predecessor. The bug resides in the TLS (Transport Layer Security) protocol used to encrypt traffic between browsers and website servers. By interposing themselves between users and servers — the classic is a “man-in-the-middle” (MITM) attack at a public Wi-Fi hotspot — hackers can intercept that supposedly-secure traffic, then leverage the decades-old weakness to easily decipher it. Like FREAK, Logjam — uncovered by an international team of experts, including ones from Microsoft, the University of Michigan and INRIA, a French research institute — is connected to long-discarded encryption standards, once the only ones eligible for export from the U.S. Those encryption keys can be quickly broken with off-the-shelf software and computing power purchased from cloud services. Logjam is different from FREAK in that it lets attackers dupe a Web server into thinking it is using a stronger encryption key when it’s actually not. Logjammin’ the browser. On the client side, you can verify whether your browser is vulnerable by heading to weakdh.org, an informational site set up by the Logjam team. A message will appear, either “Good News! Your browser is safe against the Logjam attack!” or “Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser.” Computerworld ran the Logjam test on the top browsers. As of early Wednesday, this was the result. At the moment, only Microsoft’s Internet Explorer (IE) — specifically IE11, which was the version tested by Computerworld — has been patched, although the researchers noted in their technical paper (download PDF) that other browser makers had been informed and are working on fixes. Microsoft patched IE last week with MS15-055, one of 13 bulletins issued May 12. Logjammin’ the server. Testing servers is more tedious. The Logjam team has published a page on how to deploy the at-root Diffie-Hellman key exchange, a popular cryptographic algorithm, and included a quick server test there. Enter a domain name of any website into the field to see the results. The preferred reply will be, “Good News! This site is safe from the Logjam attack. It supports ECDHE, and does not use DHE.” Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news Microsoft begins to phase out ‘classic’ Teams Microsoft is encouraging Teams customers to move to the new, faster version of the collaboration app; the older version will be switched off next year. By Matthew Finnegan May 03, 2024 3 mins Microsoft Teams Collaboration Software Productivity Software news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Udacity offers laid-off US workers free access to its courses for 30 days Sign-ups will be available over the next 30 days By Lucas Mearian May 02, 2024 4 mins Technology Industry IT Jobs IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe