Microsoft Security Advisory 3046015 (FREAK)

Started by Corrine, March 06, 2015, 03:33:38 AM


Corrine

Microsoft released Security Advisory 3046015, which relates to the SSL/TLS issue being referred to as "FREAK" (Factoring attack on RSA-EXPORT Keys).

Most of the publicity surrounding FREAK has been addressing the vulnerability in the Safari, Chrome and Android browsers with OS X, iOS and Android.  However, the flaw also affects many popular websites.  As described in the Security Advisory:

Quote: "The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the cipher used in an SSL/TLS connection on a Windows client system to weaker individual ciphers that are disabled but part of a cipher suite that is enabled."

Additional references, including test sites for browser and website vulnerability, are available in my blog post here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.