Extreme Hacking | Sadik Shaikh

Efforts to patch systems exposed to DROWN, a major Transport Layer Security (TLS) vulnerability, are still falling short of complete protection. Two research firms, Netskope and Skyhigh Networks, say that a week after the vulnerability was identified, DROWN still presents a high risk to companies.

According to Skyhigh Cloud Security Labs' estimate, the number of cloud services vulnerable to DROWN has only fallen from 653 to 620 (5.1 percent) within the past week. That leaves DROWN’s patching response lagging well behind that of similar vulnerabilities such as Heartbleed. One week after fixes for Heartbleed were made available, by comparison, the number of cloud services still vulnerable dropped 92.7 percent.

Netskope’s researchers estimated that 676 Software-as-a-Service applications are vulnerable to a DROWN attack. Two of those apps are considered “high” risk, 42 apps are rated “mediocre” and the remainder “low”. Netskope’s app risk assessment is based on seven criteria, including the app’s financial viability, privacy implications and reliance on service level agreements.

Ravi Balupari, Netskope’s director of engineering and head of cloud security research, said the types of SaaS applications most vulnerable to DROWN are cloud storage, collaboration and HR-related apps. Balupari said Netskope began monitoring SaaS apps last Monday and has seen the number of vulnerable servers drop about 10 percent each day.

“By the end of today we expect the number of DROWN vulnerable servers to drop to 564,” Balupari said. “That slow pace to patch servers is a concern. The rate at which we saw Heartbleed patched was much faster,” he said.

Sebastian Schinzel, a professor at Münster University of Applied Sciences, Germany, and one of the researchers who discovered the DROWN vulnerability, said he was a bit surprised by the slow patch response to DROWN.

“Heartbleed and Logjam are still out there. DROWN is going to follow the same pattern,” Schinzel said. “Let’s say 33 percent of servers were vulnerable to DROWN and in a month the number drops to 3 percent. That 3 percent won’t go away until the hardware dies.”

Schinzel said the researchers who discovered DROWN have been very pleased with the response they have seen to the DROWN alert they posted last week. Schinzel said he can’t confirm how many cloud services remain vulnerable. However, based on the number of companies that have scanned apps at test.drownattack.com, “the response has been good,” Schinzel said.

www.extremehacking.org