2015-03-03 19:22:40.790929+00 by Dan Lyke 0 comments
Ed Felten: FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost. Notes on why U.S. crypto policy has been harmful, spurred by the FREAK attack on SSL/TLS connections.
A group of cryptographers at INRIA, Microsoft Research and IMDEA have discovered some serious vulnerabilities in OpenSSL (e.g., Android) clients and Apple TLS/SSL clients (e.g., Safari) that allow a 'man in the middle attacker' to downgrade connections from 'strong' RSA to 'export-grade' RSA. These attacks are real and exploitable against a shocking number of websites -- including government websites. Patch soon and be careful.