Way back at the latter end of the last century, in the 1990s, when the Netscape browser was all the rage and SSL (Secure Sockets Layer) encryption was brand-spanking-new, the U.S. government wanted control over the export of “weapons grade” encryption.
Its theory was that domestic communications could benefit from stronger, 128-bit encryption, but 'backdoors' should be available to U.S. intelligence and law enforcement when it came to foreign communications. Thus, the concept of weaker, “export grade” encryption was born.
Turns out that this legacy backdoor, a vulnerability that we’ve come to know as 'FREAK', still exists in up to 30 percent of web servers. It’s a sad example of how zombie security holes from the era of grunge can come back and bite us on the posterior.
Meanwhile, Apple and Google are saying they've developed fixes/patches - though we note Apple has yet to deploy - to mitigate the 'FREAK' security flaw. Microsoft, initially thought to be immune, released an advisory which warned that hundreds of millions of Windows PC users are also vulnerable to the flaw.