Personal Authority: Use of SSLv2 may be in conflict with the law




The Personal Authority warns that “increased attention” is needed for organizations that still support SSL v2 and are thus vulnerable to the recently discovered DROWN attack. Nearly twenty percent of the websites of Dutch municipalities do not meet this requirement.

The Dutch privacy watchdog explains that in some cases organizations act in violation of the DPA if they support SSL v2. Under this law, organizations that process personal data have an obligation to protect it. Security researchers said earlier this week that support for SSL v2 can allow secure TLS connections to be decrypted. In this way, an attacker using the DROWN attack could also intercept personal information.

The regulator points to the guidelines that the NCSC has drawn up for the safe use of TLS and recommends updating OpenSSL, because it has also emerged that some vulnerabilities in this software make it easier to carry out a DROWN attack. The Personal Authority adds that the requirements for the protection of personal data depend on the sensitivity of that data.

A study that RTL Nieuws carried out among the websites of 175 Dutch municipalities shows that nearly twenty percent of them do not meet the requirement of the Personal Authority. They still support SSLv2. This is problematic, because citizens can often arrange matters online through these sites, and personal data is sent in the process. In addition, sixteen sites reportedly do not use a secure connection at all. It is not clear whether the Personal Authority will take action in response to these findings.
