One of the most famous mechanisms (protocols) for creating secure and encrypted communication with web sites is the so-called TLS.


2::Heartbleed
3::Drown attack
1::Zeus

This is not the correct answer. However, the Heartbleed bug concerns the security of OpenSSL (an open source tool implementing TLS). It is a programming error, first announced on 7 April 2014 on the website http://heartbleed.com/, that allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software (and, thus, this answer can be considered partially correct). Several popular online services were affected by Heartbleed; for more information, see also the ENISA Flash Note "Heartbleed - A wake-up call" here: https://www.enisa.europa.eu/publications/flash-notes/flash-note-heartbleed-a-wake-up-call

However, today, sites have largely addressed Heartbleed.

The correct answer is the Drown attack. This attack enables an eavesdropper to capture and decrypt communication between a user and an HTTPS website that is supposed to be secure, if the TLS server used by the site supports the obsolete SSLv2, a predecessor of TLS. The DROWN attack is a strong reminder that obsolete cryptography is dangerous. No TLS server should use any version of SSL.

See for more information:

https://drownattack.com/

as well as the ENISA info note:

https://www.enisa.europa.eu/publications/info-notes/the-drown-attack

 

This is the correct answer. The Drown attack enables an eavesdropper to capture and decrypt communication between a user and an HTTPS website that is supposed to be secure, if the TLS server used by the site supports the obsolete SSLv2, a predecessor of TLS. The DROWN attack is a strong reminder that obsolete cryptography is dangerous. No TLS server should use any version of SSL.

See for more information:

https://drownattack.com/

as well as the ENISA info note:

https://www.enisa.europa.eu/publications/info-notes/the-drown-attack

Note also that the Heartbleed bug concerns the security of OpenSSL (an open source tool implementing TLS). It was first announced in 2014 and affected a large number of TLS servers. Today, sites have largely addressed this bug. For more information, see the ENISA Flash Note "Heartbleed - A wake-up call" here:

https://www.enisa.europa.eu/publications/flash-notes/flash-note-heartbleed-a-wake-up-call

 

This is not the correct answer. Zeus is a known piece of malware that tries to steal confidential information from the compromised computer. For more information, see here: https://en.wikipedia.org/wiki/Zeus_(malware)

The correct answer is the Drown attack. This attack enables an eavesdropper to capture and decrypt communication between a user and an HTTPS website that is supposed to be secure, if the TLS server used by the site supports the obsolete SSLv2, a predecessor of TLS. The DROWN attack is a strong reminder that obsolete cryptography is dangerous. No TLS server should use any version of SSL.

See for more information:

https://drownattack.com/

as well as the ENISA info note:

https://www.enisa.europa.eu/publications/info-notes/the-drown-attack

 


It is commonly used, for example, in e-commerce websites or online banking, to allow secure communication between the user and the service computers. TLS is generally present whenever you see https instead of http in a web site address.

In 2016, researchers found a security vulnerability in several implementations of TLS; according to the researchers, 33% of the internet's reachable TLS servers were vulnerable to this attack.

What name was given to this attack on TLS?