A new vulnerability has been discovered in Apple and Google devices browsing the internet. The vulnerability is due to US government software policy requiring companies to use weaker encryption on national security grounds.
So far no attacker has been found exploiting it, but it enables an attacker to eavesdrop on a victim.
University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple web browsers and the browser built into Google’s Android software, but not Google’s Chrome browser or current browsers from Microsoft or Firefox-maker Mozilla. “This was a policy decision made 20 years ago and it’s now coming back to bite us,” said Edward Felten, a professor of computer science and public affairs at Princeton, referring to the old restrictions on exporting encryption code.
The exploit takes about seven hours to carry out and costs as little as $100 per site. The so-called FREAK attack—short for Factoring attack on RSA-EXPORT Keys—is possible when an end user with a vulnerable device—currently known to include Android smartphones, iPhones, and Macs running Apple's OS X operating system—connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many had presumed had been retired long ago. At the time this post was being prepared, most Windows and Linux end-user devices were not believed to be affected.
A client-testing feature on the above-referenced FREAKAttack.com site shows that Firefox for both OS X and Android isn't vulnerable, so users of those platforms should use that browser until more information is known. Green said that Google is in the process of delivering a version of Chrome for Macs that is immune to the attack, so Mac users should look out for that, as well.