Flutterby™! :


2015-03-03 19:22:40.790929+00 by Dan Lyke 0 comments

Ed Felten: FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost. Notes on why U.S. crypto policy has been harmful, spurred by the FREAK attack on SSL/TLS connections.

A group of cryptographers at INRIA, Microsoft Research and IMDEA have discovered some serious vulnerabilities in OpenSSL (e.g., Android) clients and Apple TLS/SSL clients (e.g., Safari) that allow a 'man in the middle attacker' to downgrade connections from 'strong' RSA to 'export-grade' RSA. These attacks are real and exploitable against a shocking number of websites -- including government websites. Patch soon and be careful.
