FREAK, your 1A-server is secure, but are you?

Last week another SSL vulnerability came to light: the FREAK attack. The good news is that your 1A-server has been protected against this vulnerability for years, but your own browser could be vulnerable.

The origin of this vulnerability lies with the US government. Until 1999 it compelled companies to use encryption that could always be cracked by a supercomputer. Today, the average laptop is more powerful than those former supercomputers. However, these old ciphers have not been removed from all browsers and websites.

When both your browser and the website you are visiting are vulnerable, a person with malicious intent can force both sides to use those old, weak ciphers. As a result, that person can intercept and even modify that traffic.

At first it seemed that only Android and iOS (iPhone & iPad) were vulnerable, but later it came to light that Internet Explorer was susceptible to this vulnerability as well. Most suppliers of vulnerable browsers have released updates by now. So, if you are using a vulnerable browser, install the latest updates as soon as possible. You can easily test your browser(s) yourself.



Richard de Vroede

A perfectionistic Jack-of-all-trades who dedicates all of his passion to his work.