An OpenSSL security hole enables an ancient, long-deprecated security protocol, Secure Sockets Layer (SSLv2), to be used to attack modern web sites. The attack, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), is estimated to be able to kill off at least one-third of all HTTPS servers. According to the researchers who found the flaw, that could amount to as many as 11.5 million servers.

How bad is DROWN really? Some of Alexa’s leading web sites are vulnerable to DROWN-based man-in-the-middle attacks, including Yahoo, Sina, and Alibaba.

In any case, if you use OpenSSL for security, and many of you do, upgrade. OpenSSL 1.0.2 users should upgrade to 1.0.2g. OpenSSL 1.0.1 users should upgrade to 1.0.1s. If you’re using another version, move up to 1.0.2g or 1.0.1s.
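To apply the upgrade guidance above across a fleet, the following added example (not code from the article or from the OpenSSL project) classifies `openssl version` banners against the two fixed releases named here. The function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {"1.0.2": "g", "1.0.1": "s"}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(banner):
    """Split an `openssl version` banner into (branch, patch letters)."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    return m.group(1), m.group(2)


def letter_key(letters):
    # Patch letters run "", a..z, then za, zb, ...; ordering by
    # (length, text) reproduces that sequence.
    return (len(letters), letters)


def assess(banner):
    """Return 'ok', 'upgrade' or 'other-branch' for one banner."""
    branch, letters = parse_version(banner)
    fixed = FIXED.get(branch)
    if fixed is None:
        # A branch the article does not name: its advice is to move
        # to 1.0.2g or 1.0.1s.
        return "other-branch"
    return "ok" if letter_key(letters) >= letter_key(fixed) else "upgrade"


def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are illustrative).
SAMPLE = {
    "web-01": "OpenSSL 1.0.2f  28 Jan 2016",
    "web-02": "OpenSSL 1.0.2g  1 Mar 2016",
    "mail-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "legacy-01": "OpenSSL 0.9.8zh 3 Dec 2015",
}

if __name__ == "__main__":
    for host, verdict in sorted(report(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Distribution packages often backport fixes without changing the upstream patch letter, so an "upgrade" result on a vendor build should be confirmed against the vendor's package changelog.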

