By Brad Jones
The Internet is a constantly evolving complex of technology, and with more users than ever relying upon it on a daily basis, that’s never been more true than today. Unfortunately, the ways and means that malicious parties target people and services via the Internet is also in a constant state of growth.
Often, the people working to protect users and those looking to take advantage of them find themselves responding to each other’s efforts. Now, it seems that the latter are finding a way to perform attacks thanks to the venerable RC4 cipher.
RC4 is a stream cipher first designed in 1987 that became very popular thanks to its speed, but that has received widespread criticism in recent years as a result of its vulnerabilities. Companies including Mozilla and Microsoft have recommended that it’s best to disable RC4 wherever possible to avoid leaving systems open to attack.
It was previously believed that this sort of breach would require 2,000 hours of data collection time to carry out, but researchers have found a way to execute an attack with as little as 52 hours, according to an article by the Tech Report. This makes the method more attractive than ever to hackers, and presents a serious concern for system administrators still using RC4.
Many security organizations have been attempting to curb RC4 usage for years, and this development would seem to be the final nail in its coffin. While figures for RC4 usage have certainly shown a drop since these efforts started, there’s now more of an impetus than ever to accelerate the process.
For more information on the reasons to drop RC4, as well as in-depth guide on how to do so, visit Microsoft’s documentation on the subject on the company’s Security Research and Defense Blog.