Ugh — another week, another nasty widespread security bug to worry about. The twist this time: this one has apparently been around since the 90s.
Dubbed “FREAK” by the researchers who discovered it, the exploit allowed researchers (and potentially hackers) to sniff traffic going to and from many otherwise encrypted websites — including some government sites — thanks to some stuff left behind from the 90s.
Here’s the issue, as I understand it:
- Up until 1999 or so, the US government forbade companies from shipping any products overseas that contained strong encryption. “Export-grade” (that is, weak and breakable) encryption was okay, though.
- In the 90s, this encryption was more than enough to evade anyone who didn’t have access to a supercomputer. Nowadays, as Ed Felten points out, that’s anyone who knows their way around Amazon’s EC2.
- These restrictions were lifted around 1999 — but somehow these weaker “export-grade”…
View original post 221 more words