Items tagged with freak

Where’s Jackie Treehorn when you need him? There’s a new browser exploit that’s making the rounds across the internet, and it’s capable of some pretty nasty stuff. Closely related to the FREAK exploit that we detailed a few months back, Logjam works its magic by using a man-in-the-middle attack on the Diffie-Hellman protocol, downgrading vulnerable Transport Layer Security (TLS) connections to just 512-bit encryption — skilled hackers could crack 512-bit encryption keys in mere minutes. According to WeakDH, the Logjam exploit affects 0.2 percent of the top one million domains on the web. That puts roughly 20,000 sites at risk. But there’s both good news and bad news with regard to tackling...
There's a time and place to get your freak on, unless you're talking about FREAK, the newly discovered encryption flaw that was initially thought to affect only Android and iOS devices. It turns out that the vulnerability also affects all supported releases of Windows. That's the bad news. And the good? Microsoft and Apple have both released updates to plug the security hole. "This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems," Microsoft said in a security bulletin. "The...
Bad news, Windows users. Remember that old bit of code that was causing new headaches for iOS and Android device owners? Dubbed "FREAK," it was initially thought that the exploit only affected some mobile browsers, but that's no longer the case. Microsoft has issued a security advisory (3046015) warning that FREAK also affects all supported releases of Windows. "Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said. "The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific...
An old software flaw is giving Apple and Google new headaches. Browsers on some Android and iOS devices are susceptible to the “Factoring attack on RSA-EXPORT Keys” exploit known as FREAK. Both companies have developed fixes for the problem, but those fixes haven’t reached users yet. The issue stems from an old U.S. government policy related to encryption. Spy agencies were worried about strong encryption (so not much has changed), particularly from foreign computers. So, weaker encryption was required until the late 1990s. But the old encryption ended up in some software, especially outside the U.S., and ended up being included in browsers on certain Android and Apple devices. And...