Tech experts have issued a press release on Thursday informing people that the new LogJam Internet bug threatens users’ online security. The bug weakens the website security features enabling online attackers to read and even to alter the data users have written in emails and other online files.
The new LogJam bug is a powerful threat for virtual private networks which were initially considered to be the most secured websites as present. These Internet networks were usually used to protect users’ bank-related information, but the recent researchers have shown that VPNs are just as subjected to online attacks as other less protected websites.
The main culprit for this weakness is, according to engineers, the Diffie-Hellman system of keys. The encryption code, bearing the name of its inventor, used strong encryption keys to prevent hackers’ attacks. Things took an unexpected turn when developers noticed that the Diffie-Hellman code could be tricked into using weaker keys.
The finding was made after website developing experts closely looked at the protection provided by virtual protected networks. They have thus discovered several such websites that have been tricked by hackers with the help of the LogJam bug.
The Internet malicious file commands Diffie-Hellman to use weaker encryption codes instead of powerful ones. This modification enables hackers to quickly break the security system of the website and access all the Internet data of the users.
The security breach has been linked to the previous changes carried out by the National Security Agency. The agency used special programs to weaken VPNs in order to prevent possible terrorist attacks. Similar NSA endeavors took place in the 1990s, but they were abandoned because they did not comply with users’ right to anonymity.
The government is now trying to convince major software developers like Google, Microsoft, Apple and Mozilla to limit encryption on their operating systems. Despite the government’s implication, the aforementioned companies plan to maintain the same encryption codes for their devices as they are more interested in maintaining or gaining their customers’ trust.
As a consequence, Apple, Google, Mozilla and Microsoft have all hurried to respond to the LogJam Internet bug. The companies have stated that they will proceed in blocking small and weak Diffie-Hellman keys to strengthen VPNs’ security. However, these changes will make certain websites inaccessible to online users.
Around 20,000 websites will no longer be available to browser users once the developing companies change the Diffie-Hellman keys. For that matter, website administrators will have to change the codes of their website software, as well.
Image Source: Si Wsj