Fortunately OpenSSL is publishing a fix on Tuesday – OpenSSL versions 1.0.2g, 1.0.1s – to deal with the protocol flaw. Many systems are vulnerable to an attack that may be comparable with Heartbleed. “This flaw is more than a product vulnerability; it’s a protocol flaw,” according to Ivan Ristic, a software engineer and founder of SSL Labs, “The impact is significant.”

Read the full One-third of all HTTPS websites open to DROWN attack story