return icon Vietnamnet.vn

‘Drown’ vulnerability threatening computer systems

The Bach Khoa Anti-virus Center (BKAV), the leading internet security group, has warned that hundreds of important systems in Vietnam are at risk of having clients’ information stolen through vulnerability Drown on websites using https protocol. 
VietNamNet Bridge - The Bach Khoa Anti-virus Center (BKAV), the leading internet security group, has warned that hundreds of important systems in Vietnam are at risk of having clients’ information stolen through vulnerability Drown on websites using https protocol. 

{keywords}

Financial institutions account for the highest proportion, 58 percent, of the systems, followed by oil & gas firms at 21 percent, while 11 percent is in industrial and consumer goods enterprises.


BKAV’s vice president Ngo Tuan Anh confirmed that hundreds of systems in Vietnam may be attacked when hackers exploit Drown vulnerability. This is described as a low-cost attack allowing hackers to steal users’ important information, including personal information, passwords and credit card details.

Financial institutions account for the highest proportion, 58 percent, of the systems, followed by oil & gas firms at 21 percent, while 11 percent is in industrial and consumer goods enterprises. Five percent of systems belong to businesses in technology and telecommunications and another 5 percent in transport and tourism.

Also according to Anh, it is more difficult to exploit Drown vulnerability than Heartbleed, because hackers have to stay in connection between servers and users. However, he affirmed that the risk of hackers exploiting the vulnerability to steal users’ information is probable.

Therefore, administrators need to immediately disable SSLv2 (Secure Sockets Layer) to ensure safety for their systems.

Anh stressed that the vulnerability can only affect the systems and the servers of businesses and institutions that provide finance and e-commerce services. Service providers have the responsibility of taking measures to prevent and patch the vulnerability in order to protect customers.

Hundreds of important systems in Vietnam are at risk of having clients’ information stolen through vulnerability Drown on websites using https protocol. 
However, users also need to be watchful over the problem. If they find the information about the access to the services that they don’t use, they should check and report to service providers.

Prior to that, on February 2, 2016, many security websites in the world warned that 11 million websites and email services protected by SSLv2 and 1/3 of the servers using https protocol were vulnerable to the attacks through Drown vulnerability. These include the websites of giants such as Yahoo and Samsung.

Drown stands for ‘Decrypting RSA with Obsolete and Weakened eNcryption’.
Drown is a cross-protocol attack that exploits weaknesses in the SSLv2 implementation, affecting the encrypted connections such as https and other services based on SSL and TLS. These protocols are used to encrypt data in services like ebanking and e-commerce. They are also used at many agencies which allow their staffs to access internal apps and work from a distance via internet.

According to thehackernews.com, users can find out if their website is vulnerable to this critical security hole using the Drown attack test site.

Researchers have uncovered the Drown security hole and a patch for the vulnerability has been made available.


Buu Dien


MORE NEWS

Aviation ground services to go-green to meet compliance

The Civil Aviation Authority of Vietnam (CAAV) is collecting comments on a draft circular stipulating that all businesses in the sector must have a plan to convert ground vehicles from fossil fuels to electric.

President visits, offers condolences to widow of late PM Abe Shinzo

President Nguyen Xuan Phuc visited and offered condolences to Abe Akie, the widow of late Japanese Prime Minister Abe Shinzo, at her home on September 28.

VIETNAM BUSINESS NEWS SEPTEMBER 28

US firm pours capital in cross-border e-commerce project in Binh Duong

VIETNAM NEWS HEADLINES SEPTEMBER 28

PM requests prompt measures to overcome Typhoon Noru’s consequences

Dim outlook for domestic auto component industry

Vietnamese automotive component industry has a dim outlook for growth as it lags behind those in many other regional countries, according to the Ministry of Industry and Trade (MoIT).

Animated series seeks to change stereotypes on Vietnamese products

Wolfoo, a YouTube children’s animated web series, which has reached more than 2 billion views a month, has changed the world’s stereotypes on Vietnamese products.

VN banking prospects from now to the end of the year

Under the circular, the State Bank of Vietnam told banks to reschedule debt repayments to help customers affected by the COVID-19 pandemic until June 30 this year.

JPMorgan: 65% of AirPods production to be located in Vietnam in 2025

JPMorgan analyst expects 20 percent of iPad, 5 percent of MacBook, 20 percent of Apple Watch and 65 percent of AirPods production to be located in Vietnam in 2025.

US$2.3 billion withdrawn from stock market, investors begin to worry

Concerns are increasing in the stock market after the State Bank of Vietnam (SBV) raised regulating interest rates and withdrew VND56 trillion (over US$2.3 billion) last week.

Teacher Nguyen Ngoc Ky writing with feet passes away

This morning, 75-year-old teacher Nguyen Ngoc K, who inspired many generations of students with his determination to rise up in life, passed away at his home in Thu Duc City.

Typhoon Noru passes through central Vietnam

Super typhoon Noru swept through central Vietnam on September 27 night and early September 28, bringing strong winds and torrential rains.

Discovering craft villages in Buddhist centre in Quang Ninh

Coming to Yen Tu relic site in Quang Ninh province – Vietnam’s major Buddhist centre, tourists can also experience traditional crafts such as making hats, bamboo handicrafts, and wood carvings.

Ministry drafts mechanism to adjust average retail power price

The Ministry of Industry and Trade (MoIT) is drafting a Prime Minister's Decision on the mechanism for adjusting the average retail electricity price.

Foreign investment disbursement hits record high in nine months

Disbursement of foreign direct investment (FDI) in the first nine months of this year reached 15.4 billion USD, up 16.2 % year-on-year and marking a record high, a report from the Foreign Investment Department (FIA) has shown.

Foreign Minister Bui Thanh Son pays visit to Germany

Minister of Foreign Affairs Bui Thanh Son paid an official visit to Germany from September 26-27 at the invitation of his German counterpart Annalena Baerbock.
back_to_top