The TOR browser is now using search.disconnect.me as the default search engine. I noticed they were offering TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) with 1024 bits Diffie-Hellman key exchange and using common primes.
The client would have to elect to use this weak cipher or be downgraded to use it.
This is a nation state level threat allowing passive eavesdropping. Leaked agency documents point to this having been achieved.
The vulnerability and threat is explained at weakdh if your not familiar with it. I notified disconnect.me on the 4th Jan 2016. They responded immediately and fixed it on the 8th Feb 2016. Other than this little hick-up they look good to me!
Nathan
Guarantee Your Cyber Security Career with the StationX Master’s Program!
Get real work experience and a job guarantee in the StationX Master’s Program. Dive into tailored training, mentorship, and community support that accelerates your career.
- Job Guarantee & Real Work Experience: Launch your cybersecurity career with guaranteed placement and hands-on experience within our Master’s Program.
- 30,000+ Courses and Labs: Hands-on, comprehensive training covering all the skills you need to excel in any role in the field.
- Pass Certification Exams: Resources and exam simulations that help you succeed with confidence.
- Mentorship and Career Coaching: Personalized advice, resume help, and interview coaching to boost your career.
- Community Access: Engage with a thriving community of peers and professionals for ongoing support.
- Advanced Training for Real-World Skills: Courses and simulations designed for real job scenarios.
- Exclusive Events and Networking: Join events and exclusive networking opportunities to expand your connections.
TAKE THE NEXT STEP IN YOUR CAREER TODAY!
Thank You
After sharing this with my uni study group, we’re all aboard the Nathan express. Choo choo!