It seems like every few months a new SSL vulnerability is disclosed – which I suppose makes sense given how popular SSL has recently become. Thanks, Google. Alas, let’s welcome FREAK – a new man-in-the-middle vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA.

FREAK stands for “Factoring RSA-EXPORT Keys” and currently affects only OpenSSL, Apple’s Secure Transport and Windows Secure Channel clients. Basically, users of Android mobiles, Apple Macs, iPhones and iPads, and Windows platforms are the ones really impacted. Red Hat servers seem to be good to go, as none of them run an affected version of OpenSSL that hasn’t already been patched.

Webmasters & server techs take note – OpenSSL released a patched version on the 19th; if you’re running an affected OpenSSL version, update your servers to it.

Published by Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - an online webmaster resources center; and Media Explode - a full service marketing agency.
