“FREAK” Security Flaw Discovered Lurking In Many Computers For Decades, Apple Promises Fix Next Week



Ugh — another week, another nasty widespread security bug to worry about. The twist this time: this one has apparently been around since the 90s.

Dubbed “FREAK” by the researchers who discovered it, the exploit allowed researchers (and potentially hackers) to sniff traffic going to and from many otherwise encrypted websites — including some government sites — thanks to some stuff left behind from the 90s.

Here’s the issue, as I understand it:

  • Up until 1999 or so, the US government forbade companies from shipping any products overseas that contained strong encryption. “Export-grade” (that is, weak and breakable) encryption was okay, though.
  • In the 90s, this encryption was more than enough to evade anyone who didn’t have access to a supercomputer. Nowadays, as Ed Felten points out, that’s anyone who knows their way around Amazon’s EC2.
  • These restrictions were lifted around 1999 — but somehow these weaker “export-grade”…

View original post 221 more words

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s