Beware! Your Web Browser Could Be Hit By a FREAK Attack!


Indusface issues a security warning elaborating on the latest findings about the ‘FREAK’ encryption bug 

The ‘FREAK’ encryption bug, which was earlier considered a threat to only certain mobile devices and Apple computers, can actually harm many more browsers and websites, warn experts. New research by French scientists has shown that major SSL clients, including OpenSSL, can be compromised through this new vulnerability, called ‘FREAK’ (Factoring Attack on RSA-EXPORT). Indusface, a leading provider of application security solutions for web and mobile applications, has issued a security warning elaborating on the vulnerabilities and potential risks of this bug.

“Vulnerable websites and browsers can allow hackers to enter hundreds and thousands of computers. Attackers use old encryption ciphers and then decrypt messages, passwords and other information,” said the company in a statement issued today.

Put simply, this means that when you visit any susceptible website for online shopping, banking transactions or just browsing, hackers could sneak into your computer and access your confidential data.

The FREAK bug impacts the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols and allows an attacker to intercept HTTPS connections, using weakened encryption to break into vulnerable devices.

Indusface recommends monitoring servers for vulnerability to RSA export keys and warns against the use of weaker ciphers over SSL. The company has also updated its ‘IndusGuard Web’ scanners as well as ‘IndusGuard WAF’ to ensure immediate detection of, as well as protection against, the vulnerability.
