Virtual Data Room Blog

Security Update (Logjam flaw) - EthosData Virtual Dataroom

Jun 3, 2015 3:07:34 PM / by Francisco Lorca

Data_Security_Virtual_Data_Room_Provider

Several weeks ago it was discovered that a new vulnerability, which allows a downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography.

This vulnerability does not affect EthosData´s virtual data room. Our servers infrastructure and encryption communication does not allow to downgrade attacks as it have a strong 2048-bit encription key exchange parameters (Diffie-Hellman key exchange).

A group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. 

Rather like the FREAK flaw discovered earlier this year, Logjam is actually an ancient problem introduced in SSL that was inherited by TLS, and has only been unearthed now.

For more information (and guidance), you can follow the recommendations here: https://weakdh.org/

Security is paramount for virtual data room clients. We make a very significant investment in security for our virtual data room, both in terms of technology and processes. We will continue to do so and continuously monitor all external threats and potential bugs to maintain our service secure.

 

 

Topics: Dataroom Security, Data Security