The Daily Dose

It feels like we just got over Heartbleed and there’s another branded exploit out there. DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card numbers. More than 33 percent of servers are vulnerable — significantly less than Heartbleed, but still a surprisingly high number. Among those vulnerable at time of writing were Yahoo, Alibaba, Weibo, BuzzFeed, Weather.com, Flickr and Samsung. The vulnerability was revealed as part of an OpenSSL update today, so a patch is already available, but exploiting…

This story continues at The Next Web