From a ZDNet article:
"The FREAK bug disclosed yesterday is the latest in a series of vulnerabilities affecting the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols used to encrypt traffic between an HTTPS website and a browser.
A man-in-the-middle attacker can force connections between affected browsers and websites to downgrade from 'strong' RSA encryption to a weaker version known as 'export grade' RSA. That weaker version is a by-product of laws from the 1990s that made it illegal to export from the US products with strong cryptography."
The gobbledygook goes on. The point is the defect was inserted in the code to comply with NSA requirements after 9/11. It impacts some Safari and some Android browsers.. Android will be patched before Safari. To see if you are impacted, run this: FREAKattack.com's client checker . Note that this actually runs the check and gives you the result. It is not a scam.
No comments:
Post a Comment