Microsoft Deals With FREAK Vulnerability
It is not called FREAK because it makes your computer freak out, nor because freaking out is the common response to it, nor because it was a “freak” accident. No, Microsoft has named the new Windows PC vulnerability “FREAK” because it is (more or less) an acronym for Factoring RSA EXPORT Keys.
This vulnerability allowed hackers to spy on what should have been secret communications and, of course, to infect Windows PCs with malicious software.
A security advisory released over the weekend explained that the bug lies in the software used to encrypt data passing between web servers and web users. At first officials thought it affected only mobile Android and BlackBerry users and Apple's Safari web browser, but it turned out to be somewhat bigger than first anticipated.
The official statement reads: “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.”
“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry wide issue that is not specific to Windows operating systems.”
Official and serious as this sounds, security experts argue that the vulnerability was not an easy one to exploit: even the best hackers would still need hours to crack the encryption before they could make use of the system.
Accordingly, Ivan Ristic, director of engineering at the cybersecurity firm Qualys, comments, “I don’t think this is a terribly big issue, but only because you have to have many ducks in a row.”
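The downgrade in Microsoft's statement only works when a server still accepts RSA_EXPORT cipher suites (whose 512-bit-or-smaller RSA keys are what takes those "hours to crack") and the client accepts a suite it never asked for. The script below is an added illustration, not code from the article or from Microsoft: it models that negotiation as plain list logic (no network traffic is sent) and gives a defender a check to run over a server's configured suite list. The suite names follow OpenSSL and IANA naming; the client and server lists are constructed for the example.

```python
"""Added example: export-grade cipher-suite audit and a model of the FREAK
downgrade. All suite lists below are constructed sample data."""
import re
import ssl

# Matches OpenSSL names (EXP-RC4-MD5, EXP1024-DES-CBC-SHA) and IANA names
# (TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA).
_EXPORT_RE = re.compile(r"(?:^|[_-])EXP(?:ORT)?\d*(?:[_-]|$)")

# Constructed sample data: what a typical client offers, a legacy server
# that still lists export suites, and a server with them removed.
CLIENT_OFFER = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA"]
LEGACY_SERVER = ["AES128-SHA", "DES-CBC3-SHA", "EXP-RC4-MD5", "EXP1024-DES-CBC-SHA"]
HARDENED_SERVER = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]


def is_export_suite(name):
    """True if the suite name denotes an export-grade (40/56-bit or 512-bit RSA) suite."""
    return _EXPORT_RE.search(name.upper()) is not None


def audit_server_suites(server_supported):
    """Defender check: return every export-grade suite a server is configured with."""
    return [s for s in server_supported if is_export_suite(s)]


def negotiate(client_offer, server_supported):
    """Model of suite selection: the server takes the first suite in its own
    preference order that also appears in the ClientHello."""
    for suite in server_supported:
        if suite in client_offer:
            return suite
    return None


def simulate_downgrade(client_offer, server_supported, client_patched):
    """Model of the FREAK condition. A man-in-the-middle is represented only
    as the worst-case ClientHello the server could see: the export suites the
    server already supports. A patched client refuses any suite it did not
    offer; a hardened server has no export suites to fall back to."""
    tampered_offer = [s for s in server_supported if is_export_suite(s)]
    chosen = negotiate(tampered_offer, server_supported)
    if chosen is None:
        # The server has no export suites, so there is nothing to downgrade to.
        return {"negotiated": None, "downgraded": False}
    if client_patched and chosen not in client_offer:
        # The client rejects a suite it never asked for; handshake fails.
        return {"negotiated": None, "downgraded": False}
    return {"negotiated": chosen, "downgraded": is_export_suite(chosen)}


def local_export_suites():
    """Export-grade suites enabled in this Python/OpenSSL build's default context
    (modern OpenSSL builds no longer ship them at all)."""
    ctx = ssl.create_default_context()
    return [c["name"] for c in ctx.get_ciphers() if is_export_suite(c["name"])]


if __name__ == "__main__":
    print("legacy server export suites:", audit_server_suites(LEGACY_SERVER))
    print("normal negotiation:", negotiate(CLIENT_OFFER, LEGACY_SERVER))
    print("unpatched client + legacy server:",
          simulate_downgrade(CLIENT_OFFER, LEGACY_SERVER, client_patched=False))
    print("patched client + legacy server:",
          simulate_downgrade(CLIENT_OFFER, LEGACY_SERVER, client_patched=True))
    print("unpatched client + hardened server:",
          simulate_downgrade(CLIENT_OFFER, HARDENED_SERVER, client_patched=False))
    print("export suites in local TLS stack:", local_export_suites())
```

The two outcomes that matter to a defender are the last two runs: removing export suites on the server side closes the downgrade for every client, patched or not, while the client-side fix alone still depends on the server honouring the client's real offer. Running `audit_server_suites` over a server's configured cipher list is the quick way to know which case applies.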
I suppose that implies that this would have been a much bigger issue if the weakness were easier to exploit.