The DROWN attack on SSL/TLS has by now been pretty comprehensively covered both here and elsewhere. But two weeks after its announcement, it’s clear that it’s not being fixed very fast, at least compared to other recent SSL vulnerabilities like Heartbleed. Why not?
One possible explanation, based on the observation that DROWN exploits the long-deprecated SSLv2.0 protocol, is that a lot of these “vulnerable” servers are in fact honeypots: servers deliberately left vulnerable without real data on them to divert or gather intelligence on attackers. We’ve seen a lot of servers vulnerable to DROWN detected on our webtool at discovery.cryptosense.com in the least two weeks, and decided to follow up on some of them.