Not too long ago, back in August of 2016, Microsoft officially deprecated the RC4 encryption cipher on all of their operating systems. The impact of this was not very widespread as it was aging and had since been replaced by newer, better ciphers. It was easy enough for administrators to simply disable the cipher and mitigate any security risks. More recently, the SWEET32 attack has targeted any encryption cipher that uses a 64-bit block size; this includes the venerable Triple DES cipher, or 3DES as its better known.
3DES is a much more widely-used cipher and, on some not-so-old servers, some applications even depend on it (e.g. Remote Desktop). So this means that any “outward” facing server running 3DES is open to this attack. This issue may sound familiar to any businesses that have undergone a PCI Compliance scan from companies like Trustwave recently – this vulnerability will start showing up on these scans. Fortunately there are ways to patch, and successfully mitigate the threat. If your business is failing PCI compliance scans or you just want to make sure your servers are not vulnerable, contact us today and we will make sure you are secure.
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more.