The Logjam exploit starts with a man in the middle attack. Whoever is seeking to access data with Logjam puts themselves between a user and the server, but continues to pass messages back and forth, picking them up on the way. Most modern servers use long algorithms to prevent anyone who isn’t on each end from un-encrypting the data, but the attacker can tell both the client and the server to lower the security level, turning that long algorithm into an easily hacked 512-bit prime number.
Once the 512-bit prime number, a relatively weak encryption method, is unlocked, the attacker has access to any data sent or received between the server and client. They might not even need to turn it down as low as 512 bits, since some research shows that national powers may already have the technology required to crack 768 and 1,024-bit prime numbers.
Thankfully, the fix for Logjam is a relatively simple one, and updates are already rolling out that take care of the issue. Most end users won’t need to do anything except update their browser to the latest version, which is always a good idea, anyway. If you’re running a server, either application or email, you just need to makes sure you’ve updated any libraries or applications you’re using.
If you’re still worried you might be vulnerable, there’s a handy page that will tell you whether your browser is safe or not.
Editors' Recommendations
- Use Comcast for internet? Your personal data may have been hacked
- MacBooks could finally get Face ID to boost your security
- Half of Google Chrome extensions may be collecting your personal data
- Are Windows 11 security features killing your gaming performance? You might be surprised
- This Microsoft Teams exploit could leave your account vulnerable
