Microsoft Deals With FREAK Vulnerability – Pioneer News

Microsoft Deals With FREAK Vulnerability – Pioneer News.

 

Microsoft Deals With FREAK Vulnerability

It is not just called the FREAK because it makes your computer freak out; nor is it called that because that is the common response to it, nor was it a “freak” accident that it happened. No, Microsoft has named a new Windows PC vulnerability “FREAK” because it is an acronym (sort of) for Factoring RSA EXPORT Keys.

This vulnerabilities allowed hackers to spy on what should have been secret communications as well as, of course, infect Windows PCs with malicious software.

A security advisory released over the weekend detailed that the bug was found within software that is used to encrypt data that passes between web servers and web users. At first officials thought it may have only affected mobile Android and Blackberry users as well as the Apple Safari web browser, but apparently it was slightly bigger than first anticipated.

The official statement reads: “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.”
Microsoft Satya Nadella“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry wide issue that is not specific to Windows operating systems.”

While this sounds all official and serious, though, security experts argue that the vulnerability was not an easy one to exploit because it would still require even the best hackers hours to crack the encryption before they could utilize the system.

Accordingly, Ivan Ristic, the director of engineering for cybersecurity firm Qualys, comments, “I don’t think this is a terribly big issue, but only because you have to have many ducks in a row.”

I suppose that implies that this would have been a much bigger issue if the weakness were easier to exploit.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s