A widespread, long-standing security flaw that allows attackers to decrypt HTTPS-protected traffic between certain devices and potentially millions of websites has been uncovered by security researchers, reports Ars Technica.
The flaw has been christened the FREAK attack (FREAK being an acronym for ‘Factoring RSA Export Keys’). Researchers discovered that they were able to launch an attack from seemingly secure websites – from US government sites to banks – forcing browsers to use a markedly weaker form of encryption. This weaker 512-bit key could be broken within seven hours, and breaking it could cost as little as $100 per website, reckons Ars Technica. Furthermore, an attacker could potentially launch a stronger attack on affected sites by appropriating elements of a page – such as a Like button on Facebook.
FREAK attack: security vulnerability breaks HTTPS protection